Lucene search
K

2406 matches found

Github Security Blog
Github Security Blog
added 2026/06/10 6:49 p.m.14 views

nebula-mesh: Session and OIDC state cookies lack the Secure attribute

internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration discloses the session. Affected All released...

5.6AI score0.00031EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/10 12:31 a.m.10 views

EUVD-2026-35889

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

3.7CVSS5.5AI score0.00137EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.24 views

CVE-2026-41694

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

5.3CVSS0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48541

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description Cookies in internal/web/session.go and internal/web/oidc.go are configured with HttpOnly and SameSite=Lax but lack the Secure attribute. This allows a session to be disclosed if a plaintext reque...

8.2CVSS5.9AI score0.00031EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Spring Security 加密问题漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Spring Security has a data manipulation vulnerability, which stems from SAML decryption of SAML responses, as well as SAML logout requests and logout responses whose...

5.3CVSS5.8AI score0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.38 views

CVE-2026-41694 SAML Payloads Decrypted Without Valid Signature

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

3.7CVSS0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-48310

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.23 Spring Security versions 5.8.0 through 5.8.25 Spring Security versions 6.3.0 through 6.3.16 Spring Security versions 6.4.0 through 6.4.16 Spring Security versions 6.5.0 through 6.5.10 Spring Securi...

5.3CVSS5.2AI score0.00137EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/09 12:0 a.m.5 views

Information Exposure

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Information Exposure via SAML message decryption prior to signature validation. An attacker can use the Service Provid...

6.3CVSS5.4AI score0.00137EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 11:9 p.m.8 views

GHSA-273Q-QGH5-WRJ6 nebula-mesh's web UI lacks CSRF tokens on /ui/* mutating endpoints

Every /ui/ POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. SameSite=Lax on the session cookie prevents most cross-site form submits but does not protect: - top-level form-submit navigations from third-party pages some browsers still send Lax cookie...

7CVSS5.3AI score0.00013EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/08 11:9 p.m.14 views

nebula-mesh's web UI lacks CSRF tokens on /ui/* mutating endpoints

Every /ui/ POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. SameSite=Lax on the session cookie prevents most cross-site form submits but does not protect: - top-level form-submit navigations from third-party pages some browsers still send Lax cookie...

5.3AI score0.00013EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47542

Every /ui/ POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. SameSite=Lax on the session cookie prevents most cross-site form submits but does not protect: - top-level form-submit navigations from third-party pages some browsers still send Lax cookie...

7CVSS5.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-57735

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

9.1CVSS5.4AI score0.00667EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.16 views

CVE-2026-34454

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5CVSS5.4AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-65954

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

6.1CVSS5.4AI score0.00269EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41126

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

4.3CVSS5.5AI score0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:18 p.m.6 views

CVE-2026-46401

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

5.3CVSS5.5AI score0.00311EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/05 7:18 p.m.30 views

CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

5.3CVSS0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44511

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS5.5AI score0.00197EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/05 6:34 p.m.85 views

Dirty-cow-exploit

System Documentation Architecture - Frontend: React 19...

7.2CVSS6AI score0.83524EPSS
Exploits82
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-48726 Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

9.1CVSS5.6AI score0.00667EPSS
Exploits0References4
Rows per page
Query Builder