Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 3:27 a.m.11 views

CVE-2026-9791

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS5.7AI score0.00214EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/11 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview @opensearch-project/opensearch is a community-driven, open source fork of elasticsearch-js licensed under the Apache v2.0 License. For more information, see opensearch.org. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2025/12/04 10:15 p.m.2 views

DEBIAN-CVE-2025-66506

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3, function identity.extractIssuerURL splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious...

7.5CVSS6.4AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 10:4 p.m.2 views

CVE-2025-66506 Fulcio allocates excessive memory during token parsing

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3, function identity.extractIssuerURL splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious...

7.5CVSS6.6AI score0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-54811

Malicious code in bioql PyPI...

4.3CVSS5.4AI score0.0028EPSS
Exploits0References3
OSV
OSV
added 2024/07/23 5:15 p.m.5 views

CVE-2024-41178

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store objectstore crate, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...

7.5CVSS5.7AI score0.0071EPSS
Exploits0References2
RustSec
RustSec
added 2024/07/23 12:0 p.m.5 views

Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity. This allows someone with access to the logs t...

7.5CVSS7.3AI score0.0071EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.5 views

PT-2024-5382 · Apache · Apache Arrow Rust Object Store

Name of the Vulnerable Software and Affected Versions: Apache Arrow Rust Object Store versions 0.10.1 and earlier Description: The issue is related to the exposure of temporary credentials in logs when using AWS WebIdentityTokens with the object store crate. On certain error conditions, the logs...

7.8CVSS7AI score0.0071EPSS
Exploits0References18
OSV
OSV
added 2023/10/20 7:15 a.m.4 views

CVE-2023-4975

The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to chan...

4.3CVSS6.9AI score0.0028EPSS
Exploits0References3
NVD
NVD
added 2023/10/20 7:15 a.m.24 views

CVE-2023-4975

The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to chan...

4.3CVSS4.2AI score0.0028EPSS
Exploits0References3
Prion
Prion
added 2023/10/20 7:15 a.m.26 views

Cross site request forgery (csrf)

The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to chan...

4.3CVSS4.2AI score0.0028EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/10/20 6:35 a.m.42 views

CVE-2023-4975

CVE-2023-4975 affects WordPress: Website Builder by SeedProd (Coming Soon/Theme Builder) up to version 6.15.13.1. The issue is CSRF in builder.php due to missing/incorrect nonce validation, enabling unauthenticated attackers to cause a settings update (e.g., changing the Stripe Connect token) by ...

4.3CVSS4.5AI score0.0028EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder