Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.10 views

PT-2026-53086

Name of the Vulnerable Software and Affected Versions MyBB version 1.8.40 Description An issue exists where users with limited Admin Control Panel ACP access can assign any usergroup to an account during creation or editing. This occurs because the verify usergroup function in the user module...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/14 1:27 a.m.4 views

CVE-2026-25227

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

9.1CVSS6AI score0.006EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/12 7:25 p.m.3 views

CVE-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

9.1CVSS6AI score0.006EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/12 7:25 p.m.29 views

CVE-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

9.1CVSS0.006EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.9 views

PT-2026-7892

Name of the Vulnerable Software and Affected Versions authentik versions 2021.3.1 through 2025.8.6 authentik versions 2025.10.4 authentik versions 2025.12.4 Description authentik is an open-source identity provider. When using delegated permissions, a user with the permission 'Can view Property...

9.1CVSS6.4AI score0.006EPSS
Exploits0References13
The Hacker News
The Hacker News
added 2023/02/01 5:30 a.m.46 views

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network MPN accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulen...

0.7AI score
Exploits0
Rows per page
Query Builder