Lucene search
K

113 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-54801

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added 5 days ago17 views

CVE-2026-54801

This CVE affects CPCI85 Central Processing/Communication (all versions < V26.20) and SICORE Base system (all versions < V26.20.0). The vulnerability stems from insufficient validation of authentication credentials when processing administrative account modifications via the web API, enablin...

8.6CVSS5.9AI score0.0034EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-50529

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.33 views

CVE-2026-56234 Capgo - Password Spraying via Public-Key Accessible Credential Validation Endpoint

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

6.9CVSS0.00247EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.6 views

CVE-2026-56234

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 1:45 p.m.6 views

USN-8433-1 keystone vulnerabilities

It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...

8.8CVSS5.7AI score0.00446EPSS
Exploits6References8
NVD
NVD
added 2026/06/10 10:16 p.m.27 views

CVE-2026-0274

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...

9.3CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 9:2 p.m.9 views

CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...

9.3CVSS5.5AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 9:2 p.m.25 views

CVE-2026-0274

Technical details (affected products, versions, root cause, exploit information) are not publicly provided in the supplied documents. Monitor for updates from official advisories and NVD entries.

9.3CVSS5.5AI score0.00285EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48559

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...

9.3CVSS5.5AI score0.00285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/22 3:46 p.m.14 views

CVE-2026-43001

A flaw was found in OpenStack Keystone. An attacker holding an unrestricted application credential could exploit a vulnerability in the POST /v3/credentials endpoint where the caller-supplied projectid for an EC2-type credential was not validated against the project of the authenticating...

8CVSS5.8AI score0.00446EPSS
Exploits1References5
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.16 views

Update 26.12 for Microsoft Dynamics 365 Business Central 2025 Release Wave 1 (Application Build 26.12.48244, Platform Build 26.0.48120)

None None...

7.8CVSS5.8AI score0.00272EPSS
Exploits0
NVD
NVD
added 2026/05/01 9:16 a.m.11 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS0.00446EPSS
Exploits1References6
PyPA
PyPA
added 2026/05/01 9:16 a.m.2 views

PYSEC-2026-602

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS6AI score0.00446EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/04/24 9:11 a.m.6 views

BIT-GITLAB-2026-6515 Insufficient Session Expiration in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS5.4AI score0.00163EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.8 views

SUSE CVE-2026-29084

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a...

4.6CVSS5.8AI score0.00076EPSS
Exploits0References3
OSV
OSV
added 2026/03/20 11:37 a.m.3 views

BIT-PARSE-2026-33042 Parse Server affected by empty authData bypassing credential requirement on signup

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.49, a user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creation of...

6.9CVSS5.8AI score0.00294EPSS
Exploits0References4
NVD
NVD
added 2026/03/18 10:16 p.m.12 views

CVE-2026-33042

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49, a user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creati...

6.9CVSS0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 9:54 p.m.3 views

CVE-2026-33042 Parse Server affected by empty authData bypassing credential requirement on signup

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49, a user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creati...

6.9CVSS5.9AI score0.00294EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 9:54 p.m.16 views

CVE-2026-33042

Parse Server (Node.js) is affected prior to versions 9.6.0-alpha.29 and 8.6.49 where a signup can be performed without credentials by submitting an empty authData object, bypassing the username/password requirement. The root cause is that empty or non-actionable authData is treated as present for...

6.9CVSS5.8AI score0.00294EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder