Lucene search
K

39 matches found

CVE
CVE
added 2026/06/29 6:16 p.m.41 views

CVE-2026-57999

CVE-2026-57999 affects luci-app-tailscale-community. The vulnerability is a command injection in the tailscale.do_login RPC method caused by improper quoting of user-controlled loginserver and loginserver_authkey inside a double-quoted shell command, allowing shell substitutions (e.g., $()) to be...

8.8CVSS6AI score0.01179EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52651

Name of the Vulnerable Software and Affected Versions Revive Adserver version 6.0.7 Description An authentication bypass exists in the XML-RPC API. The ox.login method returns a session ID cookie in the HTTP headers even when the method returns an error. Because the associated session is not...

4.3CVSS5.8AI score0.00173EPSS
Exploits1References7
NVD
NVD
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56270

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS0.00383EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.6 views

CVE-2026-56270

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References3
NVD
NVD
added 2026/04/24 3:16 a.m.3 views

CVE-2026-33318

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

8.8CVSS0.00472EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/24 2:13 a.m.4 views

CVE-2026-33318 Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

8.8CVSS5.5AI score0.00472EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/24 2:13 a.m.8 views

EUVD-2026-25380

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

8.8CVSS5.5AI score0.00472EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:13 a.m.6 views

CVE-2026-33318

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

8.8CVSS5.8AI score0.00472EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.14 views

actual 访问控制错误漏洞

Actual is a personal finance tool developed by Actual OpenSource. Versions of Actual prior to 26.4.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authorization checks for the /account/change-password endpoint. Combined with the password authentication row...

8.8CVSS5.8AI score0.00472EPSS
Exploits1References2
OSV
OSV
added 2026/04/23 9:23 p.m.7 views

GHSA-PRP4-2F49-FCGP Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...

8.8CVSS5.8AI score0.00472EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/23 9:23 p.m.10 views

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...

8.8CVSS5.8AI score0.00472EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/23 12:0 a.m.11 views

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive password auth...

8.8CVSS5.7AI score0.00472EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34822

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.4.0 Description Authenticated users, including those with the BASIC role, can escalate their privileges to ADMIN on servers that migrated from password authentication to OpenID Connect. This is possible through an...

8.8CVSS5.4AI score0.00472EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2026/03/06 10:20 p.m.20 views

Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration

Summary The Flowise platform has a critical Insecure Direct Object Reference IDOR vulnerability combined with a Business Logic Flaw in the PUT /api/v1/loginmethod endpoint. While the endpoint requires authentication, it fails to validate if the authenticated user has ownership or administrative...

8.8CVSS5.8AI score0.0045EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/17 1:27 p.m.5 views

CVE-2026-0999

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.5AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/16 9:47 a.m.32 views

CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS0.00172EPSS
Exploits0References1
OSV
OSV
added 2025/11/03 5:7 p.m.4 views

GHSA-4V8W-GG5J-PH37 MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

Due to an incorrect use of loose == instead of strict === comparison in the authentication code1, PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. 1:...

9.1CVSS5.9AI score0.00326EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-19048

Malware in sbrugna...

8.1CVSS8AI score0.0086EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-16062

Malware in sbrugna...

8CVSS6.6AI score0.00806EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2007-4531

Malware in sbrugna...

10CVSS6.4AI score0.0419EPSS
Exploits0References6
Rows per page
Query Builder