Lucene search
+L

13464 matches found

CVE
CVE
added yesterday8 views

CVE-2026-63094

SigNoz up to version 0.133.0 contains an open redirect in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from users on instances configured with Google OAuth, SAML, or OIDC. An attacker can call the unauthenticated sessions context endpoint with a ref pa...

8.1CVSS5.4AI score
Exploits0References3
EUVD
EUVD
added yesterday7 views

EUVD-2026-45177

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...

8.1CVSS5.4AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.3AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-15943

A vulnerability in Keycloak's keycloak-services component affects identity provider management. When a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value, the system performs improper validation and reuses the existing real secret even if fields ...

5.5CVSS5.4AI score
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15943 Keycloak-services: keycloak-services: oidc idp update reuses masked client secret after token url change

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-45164

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.4AI score
Exploits0References2
Nuclei
Nuclei
added yesterday72 views

InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for...

9.8CVSS5.4AI score0.05794EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday160 views

Adobe Connect < 12.1.5 - Local File Disclosure

Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...

5.3CVSS5.7AI score0.81875EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday157 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

8.1CVSS7.5AI score0.02862EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday67 views

iSpy 7.2.2.0 - Authentication Bypass

iSpy 7.2.2.0 contains an authentication bypass vulnerability. An attacker can craft a URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-29775 info: name: iSpy 7.2.2.0 - Authentication Bypass author: arafatansari severity: critical...

9.8CVSS8.6AI score0.60667EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday65 views

MCPJam Inspector - Remote Code Execution

MCPJam inspector is the local-first development platform for MCP servers. The Latest version 1.4.2 and earlier are vulnerable to a remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. id:...

9.8CVSS6.5AI score0.43671EPSS
Exploits35References3
Nuclei
Nuclei
added yesterday39 views

WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

9.8CVSS5.3AI score0.04156EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday62 views

Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion

Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the...

7.5CVSS7.2AI score0.05879EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday130 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

6.1CVSS6.2AI score0.04055EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday124 views

RStudio Connect - Open Redirect

RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. id: CVE-2022-38131 info: name: RStudio Connect - Open Redirect author: xxcdd severity: medium description: | RStudio Connect prior to...

6.1CVSS6.2AI score0.01343EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60741

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60776

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...

8.1CVSS5.4AI score
Exploits0References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44974

During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...

6.8CVSS6.1AI score0.00134EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-6511

During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...

6.8CVSS6.1AI score0.00134EPSS
Exploits0References3
Rows per page
Query Builder