Lucene search
K

10 matches found

NVD
NVD
added 58 minutes ago2 views

CVE-2026-56665

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-8800 Cross-Org External Token Metadata accessible to AuditUser role

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/19 11:13 p.m.4 views

CVE-2026-22797

A flaw was found in OpenStack keystonemiddleware. The externaloauth2token middleware fails to properly sanitize incoming authentication headers. An authenticated attacker can exploit this by sending forged identity headers, such as X-Is-Admin-Project, X-Roles, or X-User-Id. This can lead to...

9.9CVSS5.3AI score0.00575EPSS
Exploits0References5
NVD
NVD
added 2026/01/19 6:16 p.m.10 views

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

9.9CVSS0.00575EPSS
Exploits0References14
Snyk
Snyk
added 2026/01/19 5:46 p.m.6 views

Authentication Bypass by Spoofing

Overview Affected versions of this package are vulnerable to Authentication Bypass by Spoofing in the externaloauth2token middleware. An attacker can gain unauthorized access or escalate privileges by sending forged authentication headers such as X-Is-Admin-Project, X-Roles, or X-User-Id...

9.9CVSS5.8AI score0.00575EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/19 12:0 a.m.3 views

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

9.9CVSS5.5AI score0.00575EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/19 12:0 a.m.18 views

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

9.9CVSS0.00575EPSS
Exploits0References2
OSV
OSV
added 2022/09/14 6:15 p.m.3 views

UBUNTU-CVE-2022-35947

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could...

10CVSS7.4AI score0.00945EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/14 12:0 a.m.5 views

PT-2022-7405 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.3 Description: The issue is related to a SQL injection attack that could allow an attacker to simulate an arbitrary user login. This is due to the lack of protection measures for the SQL query structure. The...

10CVSS6.9AI score0.99628EPSS
Exploits40References203
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.4 views

IBM Security Verify Information Queue 信息泄露漏洞

IBM Security Verify Information Queue is an integration product from IBM of America, Inc. Leverages Kafka technology and a publish/subscribe model to integrate data between IBM Security products. IBM Security Verify Information Queue version 10.0.2 is vulnerable to an information disclosure...

6.5CVSS5.6AI score0.00636EPSS
Exploits0References4
Rows per page
Query Builder