10 matches found

OSV
added 2026/04/14 8:16 p.m. | 3 views

DEBIAN-CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

CVSS 7.7 | AI score 5.3 | EPSS 0.00317
Exploits 0 | References 1
NVD
added 2026/03/27 10:16 p.m. | 3 views

CVE-2026-4990

A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...

CVSS 7.5 | EPSS 0.0035
Exploits 0 | References 3
Vulnrichment
added 2026/03/25 5:7 p.m. | 2 views

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVSS 7.1 | AI score 5.8 | EPSS 0.00262
Exploits 0 | References 3
RedHat Linux
added 2026/02/09 8:37 p.m. | 42 views

org.keycloak.protocol.oidc.grants: Disabled identity providers are still accepted for JWT Authorization Grant

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

CVSS 8.8 | AI score 5.7 | EPSS 0.00449
Exploits 0 | References 4
RedhatCVE
added 2026/02/04 3:15 a.m. | 8 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

CVSS 9.3 | AI score 5.5 | EPSS 0.00463
Exploits 0 | References 1
Github Security Blog
added 2026/02/03 6:30 p.m. | 5 views

FUXA contains an insecure default configuration vulnerability

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

CVSS 9.3 | AI score 5.5 | EPSS 0.00463
Exploits 0 | References 3 | Affected Software 1
EUVD
added 2026/02/03 12:0 a.m. | 7 views

EUVD-2025-206711

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

AI score 5.5 | EPSS 0.00463
Exploits 0 | References 1
CNNVD
added 2024/12/09 12:0 a.m. | 4 views

Apache Superset security vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an authorization issue vulnerability that stems from improper authorization settings that can be exploited by an attacker to use this API when FAB_ADD_SECURITY_API is...

CVSS 7.6 | AI score 6.8 | EPSS 0.00641
Exploits 0 | References 2
OSV
added 2019/12/30 6:15 p.m. | 3 views

UBUNTU-CVE-2019-13465

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not...

CVSS 8.6 | AI score 5.8 | EPSS 0.01106
Exploits 0 | References 4
RedHat Linux
added 2019/09/30 2:15 p.m. | 4 views

kibana: Audit logging Remote Code Execution issue

An arbitrary code execution flaw was found in Kibana in versions prior to 5.6.15 and 6.6.1. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executi...

CVSS 9.3 | AI score 6.4 | EPSS 0.03908
Exploits 0 | References 5