Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-59713

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score
Exploits0References5
CVE
CVE
added yesterday8 views

CVE-2026-59713

CVE-2026-59713 (Leantime) describes an OIDC login CSRF vulnerability in the verifyState() method, where the function unconditionally returns true without validating state parameters. This allows attackers to craft malicious callback URLs with attacker-controlled authorization codes to perform ses...

8.6CVSS6AI score
Exploits0References4
Cvelist
Cvelist
added 2014/10/27 1:0 a.m.26 views

CVE-2014-2988

EGroupware Enterprise Line EPL before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the calluserfunc PHP function, as demonstrated using th...

7.1AI score0.0184EPSS
Exploits5References4
F5 Networks
F5 Networks
added 2014/10/23 12:0 a.m.24 views

SOL15730 - OpenSSH vulnerability

The mmnewkeysfromblob function in monitorwrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet dat...

6CVSS5.9AI score0.0267EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2013/11/08 12:0 a.m.22 views

CVE-2013-4548

The mmnewkeysfromblob function in monitorwrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet dat...

6CVSS7.2AI score0.0267EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 1970/01/01 12:0 a.m.17 views

PT-2013-6355 · Openssh +4 · Openssh +4

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 6.2 through 6.3 Description: The issue allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. This is due to the mm newkeys fro...

10CVSS7.4AI score0.99506EPSS
Exploits207References347
Rows per page
Query Builder