Lucene search
K

12 matches found

CVE
CVE
added 2026/06/22 5:39 p.m.18 views

CVE-2026-53663

React Router (v7 Framework Mode) is affected in versions 7.12.0–7.15.0 where CSRF checks run on POST but not on PUT/PATCH/DELETE; this could enable cross-origin state changes. The issue is considered low severity due to browser protections (CORS preflight, SameSite cookies). It has been fixed in ...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 8:47 p.m.4 views

GHSA-48PQ-2XQ3-C2M4 CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced

Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo issuer bug,...

7.4CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2026/04/24 2:13 a.m.8 views

EUVD-2026-25380

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

8.8CVSS5.5AI score0.00472EPSS
Exploits1References2
OSV
OSV
added 2026/04/23 9:23 p.m.5 views

GHSA-PRP4-2F49-FCGP Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...

8.8CVSS5.8AI score0.00472EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/23 9:23 p.m.9 views

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...

8.8CVSS5.8AI score0.00472EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.6 views

PT-2026-34822

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.4.0 Description Authenticated users, including those with the BASIC role, can escalate their privileges to ADMIN on servers that migrated from password authentication to OpenID Connect. This is possible through an...

8.8CVSS5.4AI score0.00472EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/04/08 9:2 p.m.17 views

CVE-2026-39901 monetr: Protected Transactions Deletable via PUT

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS0.00292EPSS
Exploits0References1
Apache Tomcat
Apache Tomcat
added 2025/12/07 12:0 a.m.13 views

Fixed in Apache Tomcat 9.0.113

Low: Security constraint bypass CVE-2026-24733 Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification invalid HEAD...

9.1CVSS5.6AI score0.00494EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/08/25 5:0 p.m.41 views

CVE-2025-57772

CVE-2025-57772 affects DataEase prior to 2.10.12. A H2 JDBC RCE bypass exists where the getJdbcUrl method can return the JdbcUrl parameter, bypassing H2 filtering and allowing the JDBC URL to specify the driver (e.g., driver: org.h2.Driver) for the connection. This leads to potential remote code ...

9.8CVSS6.5AI score0.08217EPSS
Exploits1References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/07/14 12:0 a.m.26 views

VulnCheck KEV: CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

6.8CVSS6.5AI score0.79415EPSS
In wildExploits31References2
CNNVD
CNNVD
added 2025/05/12 12:0 a.m.4 views

Radware Cloud Web Application Firewall 安全漏洞

Radware Cloud Web Application Firewall is a cloud-based web application firewall from Radware Israel. A security vulnerability exists in Radware Cloud Web Application Firewall versions prior to 2025-05-07, which originates in the HTTP GET method where the body of the HTTP request contains random...

9.1CVSS8.6AI score0.00543EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/04/17 9:28 a.m.5 views

OpenJDK: method handle call hierachy bypass (Libraries, 8032686)

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries...

4.3CVSS7.4AI score0.02725EPSS
Exploits0References5
Rows per page
Query Builder