Lucene search
K

10 matches found

OSV
OSV
added 2026/06/18 9:49 a.m.4 views

BIT-MASTODON-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.5AI score0.00167EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 4:54 p.m.12 views

CVE-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.4AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/02 12:44 p.m.21 views

CVE-2026-4282 Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens,...

7.4CVSS0.00424EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/02 12:44 p.m.2 views

CVE-2026-4282 Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens,...

7.4CVSS5.8AI score0.00424EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the lack of proper type and namespace isolation in SingleUseObjectProvider. This vulnerability could allow unverified attackers to forge authorization...

7.4CVSS5.8AI score0.00424EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/09 9:32 p.m.19 views

CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

9.3CVSS0.03029EPSS
Exploits8References3
Vulnrichment
Vulnrichment
added 2025/12/09 9:32 p.m.3 views

CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

9.3CVSS6.7AI score0.03029EPSS
Exploits8References3
Prion
Prion
added 2010/11/06 12:0 a.m.16 views

Authorization

The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...

7.5CVSS7AI score0.02002EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2010/11/06 12:0 a.m.37 views

CVE-2009-5014

The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...

7.5CVSS5.9AI score0.01357EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2010/11/05 10:0 p.m.33 views

CVE-2009-5014

Removed by vendor...

7.5CVSS6.7AI score0.01357EPSS
Exploits0
Rows per page
Query Builder