Lucene search
K

538 matches found

Cvelist
Cvelist
added 10 hours ago6 views

CVE-2026-56451

A vulnerability has been identified in Opcenter X All versions V2604. Affected applications do not properly validate the algorithm specified in the JSON Web Token JWT header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersona...

10CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56709

Name of the Vulnerable Software and Affected Versions UAA versions prior to v78.13.0 Cf-deployment versions prior to v56.2.0 Description A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA. This allows the attack...

9.3CVSS6.1AI score0.00132EPSS
Exploits0References3
NVD
NVD
added last week6 views

CVE-2026-46354

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS0.0026EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 5:48 p.m.28 views

CVE-2026-50160

Hoppscotch self-hosted deployments (Hoppscotch-backend

10CVSS6.1AI score0.0059EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/29 1:23 p.m.8 views

EUVD-2026-40094

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%asctimes - %names - %levelnames - %messages" renders...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53753

Name of the Vulnerable Software and Affected Versions Zephyr versions prior to 4.4.0 Description An input validation weakness exists in the IPv6 Neighbor Discovery handlers within subsys/net/ip/ipv6 nbr.c. The functions handle ra input, handle ns input, and handle na input use an incorrect boolea...

8.1CVSS5.9AI score0.00205EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39567

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS5.8AI score0.00181EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 10:17 p.m.10 views

CVE-2026-11800

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS0.00181EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 9:32 p.m.22 views

CVE-2026-7511 PKCS7_verify signer confusion allows forged signatures to be accepted

PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...

5.9CVSS0.00171EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.8 views

org.keycloak:keycloak-services: Keycloak: Authentication bypass via JWT algorithm confusion

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS5.8AI score0.00181EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.31 views

CVE-2026-56223 Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:4 a.m.14 views

EUVD-2026-38731

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS5.9AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51738

Name of the Vulnerable Software and Affected Versions upKeeper Instant Privilege Access versions prior to 1.6.2 Description Improper output neutralization for logs in upKeeper Instant Privilege Access on Windows enables Log Injection, Tampering, and Forging. This occurs when the application fails...

7.9CVSS5.8AI score0.00264EPSS
Exploits0References7
CVE
CVE
added 2026/06/23 1:48 p.m.35 views

CVE-2026-35019

NetComm NF20MESH routers with firmware R6B031 and earlier are affected by an authentication bypass in the web management interface. The root cause is a hardcoded AES-256 key used to encrypt session cookies; an attacker can forge a valid encrypted cookie with the shared key to bypass authenticatio...

9.2CVSS5.9AI score0.00431EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.13 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1853)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1853 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose content exceeds 2 gigabytes in length may cause a heap bufferover-read on 64-bit Unix and Unix-like...

9.1CVSS6.5AI score0.02719EPSS
Exploits0References32
EUVD
EUVD
added 2026/06/21 1:26 p.m.9 views

EUVD-2026-38170

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

9.8CVSS5.9AI score0.00407EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 7:18 p.m.15 views

CVE-2026-53871

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the getprofilecookie function that accepts unauthenticated profile names from the hermesprofile cookie. An authenticated attacker can forge the hermesprofile cookie value to bypass profile-scoped authorization checks a...

8.6CVSS0.00365EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 1:26 p.m.12 views

CVE-2026-34181

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 Public-Key Cryptography Standards 12 files that use Password-Based Message Authentication Code 1 PBMAC1 with short HMAC Hash-based Message Authentication Code keys. This can lead to a service accepting...

7.4CVSS7.2AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 12:52 p.m.24 views

CVE-2026-34182

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

9.1CVSS5.5AI score0.00237EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

Apache Cordova Plugin InAppBrowser 输入验证错误漏洞

Apache Cordova Plugin InAppBrowser is an embedded browser plugin developed by the Apache Foundation. Versions 3.1.0 to 6.0.0 of Apache Cordova Plugin InAppBrowser contain a vulnerability related to input validation errors. This vulnerability stems from insufficient format validation of the id fie...

9.5CVSS5.4AI score0.00723EPSS
Exploits0References2
Rows per page
Query Builder