Lucene search
K

41 matches found

Github Security Blog
Github Security Blog
added 2026/05/06 6:48 p.m.13 views

Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled

Description Overview When LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the LDAP server to intercept all...

6.8CVSS5.9AI score0.00094EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-38301

Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description When LDAP TLS is enabled via the LDAP USE TLS variable, the LDAP authentication module in the bind function unconditionally disables TLS certificate verification at the global ldap module level. This...

6.8CVSS5.9AI score0.00094EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/20 9:22 p.m.4 views

CVE-2026-30836

A flaw was found in Step CA, an online certificate authority. A remote attacker can exploit this vulnerability by sending an unauthenticated SCEP Simple Certificate Enrollment Protocol Update Request. This allows the attacker to issue unauthorized certificates, potentially leading to a compromise...

10CVSS5.8AI score0.00296EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.7 views

CVE-2022-42067

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...

4.3CVSS6.9AI score0.00389EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-3089

Malware in sbrugna...

6.4CVSS5.8AI score0.01153EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2000-1062

Malware in sbrugna...

10CVSS6.4AI score0.01584EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.7 views

CVE-2022-42069

Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting XSS vulnerability...

5.4CVSS6.1AI score0.00316EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:57 p.m.10 views

CVE-2022-42071

Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting XSS Vulnerability...

6.1CVSS6.1AI score0.00347EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:52 p.m.6 views

CVE-2022-42070

Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery CSRF...

8.8CVSS6.9AI score0.00331EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/10/14 12:0 a.m.4 views

PT-2022-26231 · Unknown · Online Birth Certificate Management System

Name of the Vulnerable Software and Affected Versions: Online Birth Certificate Management System version 1.0 Description: The issue is related to a persistent Cross Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into the system, which will be executed ...

5.4CVSS5.1AI score0.00316EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2022/10/14 12:0 a.m.12 views

CVE-2022-42067

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...

4.7AI score0.00389EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/10/14 12:0 a.m.8 views

CVE-2022-42071

Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting XSS Vulnerability...

6AI score0.00347EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/14 12:0 a.m.4 views

PT-2022-26234 · Unknown · Online Birth Certificate Management System

Name of the Vulnerable Software and Affected Versions: Online Birth Certificate Management System version 1.0 Description: The Online Birth Certificate Management System is affected by a Cross Site Scripting XSS issue. This allows an attacker to inject malicious scripts into the system, potential...

6.1CVSS6.1AI score0.00347EPSS
Exploits1References6
Cvelist
Cvelist
added 2022/10/14 12:0 a.m.17 views

CVE-2022-42069

Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting XSS vulnerability...

5.5AI score0.00316EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/10/14 12:0 a.m.6 views

CVE-2022-42069

Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting XSS vulnerability...

5.3AI score0.00316EPSS
Exploits1References2
CVE
CVE
added 2022/10/14 12:0 a.m.48 views

CVE-2022-42070

Online Birth Certificate Management System version 1.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability. The root cause is CSRF protection insufficiency that could allow an attacker to perform unintended actions in an authenticated user context. The case is discussed across multip...

8.8CVSS8.6AI score0.00331EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/14 12:0 a.m.4 views

PT-2022-26230 · Unknown · Online Birth Certificate Management System

Name of the Vulnerable Software and Affected Versions: Online Birth Certificate Management System version 1.0 Description: The issue is related to an Insecure Direct Object Reference IDOR vulnerability. This means that the system may allow unauthorized access to sensitive information by...

4.3CVSS4.3AI score0.00389EPSS
Exploits1References6
CVE
CVE
added 2022/10/14 12:0 a.m.42 views

CVE-2022-42069

CVE-2022-42069 affects Online Birth Certificate Management System version 1.0. The Connected documents corroborate a persistent Cross-Site Scripting (XSS) vulnerability in this software, including references noting stored XSS and the vulnerable version. The available data do not specify root caus...

5.4CVSS5.3AI score0.00316EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/10/14 12:0 a.m.51 views

CVE-2022-42067

CVE-2022-42067 concerns an Insecure Direct Object Reference (IDOR) vulnerability in the Online Birth Certificate Management System version 1.0. The available documents identify the affected product and vulnerability class but do not provide deeper root-cause details, exploit vectors, or explicit ...

4.3CVSS4.7AI score0.00389EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/14 12:0 a.m.3 views

PT-2022-26233 · Unknown · Online Birth Certificate Management System

Name of the Vulnerable Software and Affected Versions: Online Birth Certificate Management System version 1.0 Description: The issue concerns a Cross Site Request Forgery CSRF problem. This means an attacker could potentially trick a user into performing unintended actions on the system...

8.8CVSS8.6AI score0.00331EPSS
Exploits1References6
Rows per page
Query Builder