Lucene search
+L

4 matches found

OSV
OSV
added 2026/05/12 3:9 p.m.42 views

GHSA-X3R2-FJ3R-G5MV sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token CI build logs, container env dumps...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.31 views

PT-2026-35369

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.19.0 through 4.19.x Apache Camel versions 4.18.0 through 4.18.1 Description The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using...

7.8CVSS6.6AI score0.00342EPSS
Exploits1References26
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.8 views

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

6.1CVSS5.8AI score0.00278EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/06 9:14 p.m.7 views

EUVD-2026-10080

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

5.1CVSS5.9AI score0.00278EPSS
Exploits1References1
Rows per page
Query Builder