Lucene search
+L

11 matches found

cvelist
cvelist
added 2 days ago32 views

CVE-2026-59259 n8n - Permission Bypass via Expression Parser Mismatch in External Secrets

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS0.00344EPSS
Exploits0References2
redhat
redhat
added 2026/06/22 9:1 p.m.5 views

openstack-keystone: OpenStack Keystone: Privilege escalation through EC2 credential creation

A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...

5.3CVSS5.8AI score0.0022EPSS
Exploits1References7
cve
cve
added 2026/05/01 12:0 a.m.21 views

CVE-2026-43001

CVE-2026-43001 affects OpenStack Keystone (versions 13–29) where POST /v3/credentials does not validate that the caller-supplied project_id for an EC2-type credential matches the authenticating application credential’s project. An attacker with an unrestricted app_cred for project A can create an...

8CVSS5.8AI score0.00456EPSS
Exploits1References7Affected Software1
redhatcve
redhatcve
added 2026/04/13 7:37 p.m.8 views

CVE-2026-33551

A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...

3.5CVSS5.8AI score0.0022EPSS
Exploits1References6
redhatcve
redhatcve
added 2025/10/31 10:7 p.m.8 views

CVE-2024-13994

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

9.8CVSS6.8AI score0.00837EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6917

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00386EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/09/26 12:0 a.m.5 views

PT-2025-39666

Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.9.12 Rancher Manager versions prior to 2.10.10 Rancher Manager versions prior to 2.11.6 Rancher Manager versions prior to 2.12.2 Description A flaw exists in Rancher Manager that allows sensitive information...

9.9CVSS6.5AI score0.02829EPSS
Exploits11References46
githubexploit
githubexploit
added 2025/09/05 10:34 a.m.301 views

Exploit for CVE-2025-49388

CVE-2025-49388 WordPress Miraculous Core Plugin Plugin OPTI...

9.8CVSS7AI score0.05027EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/23 8:1 a.m.9 views

CVE-2024-29941

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption...

8CVSS7.2AI score0.00113EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 4:36 p.m.14 views

CVE-2020-28872

An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/installation/register.php allows an unauthorized person to create valid credentials...

9.8CVSS6.7AI score0.03318EPSS
Exploits3
osv
osv
added 2024/09/20 7:7 p.m.9 views

CVE-2024-45793 Cross-site Scripting from in Confidant API call

Confidant is a open source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross site scripting vulnerability: GET /v1/credentials, GET /v1/credentials/, GET /v1/archive/credentials/, GET /v1/archive/credentials, POST...

4.8CVSS5.8AI score0.00347EPSS
Exploits0References6
Rows per page
Query Builder