Lucene search
+L

208 matches found

NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-46455

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

9.8CVSS0.00411EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:56 a.m.10 views

CVE-2026-46455

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

6AI score0.00411EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/07/06 7:56 a.m.22 views

CVE-2026-46455

CVE-2026-46455 affects Apache Camel with the camel-keycloak component. The security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) that only enforces subject and issuer, but omits the default IS_ACTIVE check. Consequently, the verifie...

9.8CVSS6AI score0.00411EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/07/06 7:56 a.m.5 views

EUVD-2026-41829

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

9.8CVSS6AI score0.00411EPSS
Exploits1References1
OSV
OSV
added 2026/07/06 7:56 a.m.5 views

CVE-2026-46455 Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

9.8CVSS6.1AI score0.00411EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/08 12:7 p.m.51 views

CVE-2026-9549 Fix XSS in service discovery active check output

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 12:7 p.m.34 views

CVE-2026-9549

Technical details are not publicly available in the provided documents. Monitor for updates.

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: quota: fixed the loop condition in f2fsquotasync The parameter cnt should be passed to sbhasquotaactive, rather than type, to correctly check the active quota. Moreover, when the type is -1, the compiler, with sufficient...

5.5CVSS6AI score0.00247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:34 p.m.8 views

CVE-2026-44561 Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:34 p.m.8 views

CVE-2026-44561

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:1 p.m.14 views

Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Deactivated Channel Members Retain Full Access to Group/DM Channels Affected Component Channel membership authorization check: - backend/openwebui/models/channels.py lines 663-673, isuserchannelmember - Used at 15 locations in backend/openwebui/routers/channels.py Affected Versions Current main...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39278

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. An issue exists where the is user channel member function verifies the existence of a membership...

5.4CVSS6.1AI score0.00178EPSS
Exploits1References13
Cvelist
Cvelist
added 2026/02/04 4:8 p.m.38 views

CVE-2026-23105 net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

7.8CVSS0.0012EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2025/12/18 12:0 a.m.4 views

Synology DiskStation Manager (DSM) File Disclosure Vulnerability (Synology-SA-24:20) - Active Check

Synology DiskStation Manager DSM is prone to a file disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS6.8AI score0.26952EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/11/25 12:0 a.m.16 views

mDNS Service Amplification Attack (UDP) - Active Check

A publicly accessible service supporting the Multicast DNS mDNS protocol can be exploited to participate in a Distributed Denial of Service DDoS attack. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

6.9AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/07/22 12:0 a.m.8 views

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP6) (SUSE-SU-2025:02390-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02390-1 advisory. This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: - CVE-2024-53146: NFSD: Prevent...

7.8CVSS7.1AI score0.00262EPSS
Exploits0References38
GithubExploit
GithubExploit
added 2025/04/26 4:59 p.m.253 views

Exploit for CVE-2025-2294

CVE-2025-2294 kubio-cve-2025-2294active.yaml - в шаблоне реал...

9.8CVSS9.7AI score0.76761EPSS
Exploits12
Vulnrichment
Vulnrichment
added 2025/02/26 1:56 a.m.7 views

CVE-2022-49282 f2fs: quota: fix loop condition at f2fs_quota_sync()

In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix loop condition at f2fsquotasync cnt should be passed to sbhasquotaactive instead of type to check active quota properly. Moreover, when the type is -1, the compiler with enough inline knowledge can discard...

5.9AI score0.00247EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2025/01/29 8:0 a.m.4 views

net/mlx5: fs, lock FTE when checking if active

...

5.5CVSS6.8AI score0.00198EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/01/06 12:0 a.m.108 views

Dahua Devices Information Disclosure Vulnerability (Jan 2025) - Active Check

Multiple Dahua devices and their OEMs are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

5.3CVSS5.2AI score0.01435EPSS
Exploits0References1
Rows per page
Query Builder