CVE-2026-49871

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

PT-2026-44465

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 29.0.2 Description A privilege escalation issue exists where an attacker with a member role on a project can escalate their privileges to admin. This is achieved by chaining unrestricted application...

Authenticator 安全漏洞

Authenticator is an authentication tool developed by Authenticator Extension. Versions of Authenticator prior to 4.16.0 contained a security vulnerability. This vulnerability stemmed from the possibility that the authentication process could be hijacked, allowing attackers to use the identity of...

CVE-2025-64729

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

CVE-2025-64729

The CVE-2025-64729 entry concerns AVEVA Process Optimization. Affected software: Process Optimization with user-authenticated access (OS Standard User). The documented vulnerability allows an authenticated attacker to tamper with Process Optimization project files, embed code, and escalate privil...

CVE-2025-64729 AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

elytron-oidc-client: OIDC Authorization Code Injection

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...