12667 matches found
Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass
Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...
CVE-2026-53513
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...
CVE-2026-53513 Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/sso provider registration
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...
CVE-2026-53513
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...
CVE-2026-53513
CVE-2026-53513 affects the @better-auth/sso plugin for Better Auth. When skipDiscovery: true is set, POST /sso/register and POST /sso/update-provider may store attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs without origin validation, leading to server-side r...
CVE-2026-47159 Vaultwarden: Authentication Flow Information Disclosure in SSO Discovery Allows Organization Enumeration and Pre-Validation Token Exposure
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIdentifier values for arbitrary email addresses and allowed a valid pre-validation JWT to be obtained...
CVE-2026-13230
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...
CVE-2026-13230
The CVE-2026-13230 entry concerns TP-Link Kasa EC70 v4 and EC71 v4. The issue lies in the local discovery mechanism, where geolocation-related data can be retrieved without authentication. Affects confidentiality only; no evidence of integrity or availability impact is reported. Exploitation cont...
CVE-2026-13230 Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...
CVE-2026-48320
creationtimestamp| type| source ---|---|--- 2026-07-14 23:33:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqnelqe7pw25 2026-07-15 18:42:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqpeqzsbtx2y 2026-07-16 18:37:07+00:00| seen|...
CVE-2026-50480
Heap-based buffer overflow in Windows Web Proxy Auto-Discovery Protocol WPAD allows an authorized attacker to elevate privileges locally...
CVE-2026-49800
Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol WPAD allows an authorized attacker to elevate privileges locally...
CVE-2026-50480 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability
...
CVE-2026-50480 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability
...
CVE-2026-50480
Windows Web Proxy Auto-Discovery Protocol (WPAD) has a heap-based buffer overflow vulnerability (CVE-2026-50480) that can be exploited by an authenticated local attacker to achieve privilege escalation. The issue affects WPAD in Windows, with the root cause described as a heap-based overflow in W...
CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability
...
CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability
...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability (CVE-2026-11714)
Summary IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details CVEID:CVE-2026-11714 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-sid...
EUVD-2026-43537
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...
PT-2026-58455
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A heap-based buffer overflow exists in the Windows Web Proxy Auto-Discovery Protocol WPAD. This flaw allows an authorized attacker with local access to elevate their privileges on the system....