Lucene search
+L

14 matches found

Snyk
Snyk
added 2026/07/02 7:12 p.m.5 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength in the verify process. An attacker can gain unauthorized access and forge arbitrary claims by submitting tokens signed with an empty or null key, which are incorrectly accepted as valid signatures. This is...

8.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-55202

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 0.15.2 Fleet versions prior to 0.14.6 Fleet versions prior to 0.13.11 Fleet versions prior to 0.12.15 Description An issue exists when the webhook endpoint is configured without a secret, allowing unauthenticated...

8.3CVSS5.9AI score0.00506EPSS
Exploits0References11
AlpineLinux
AlpineLinux
added 2026/06/23 7:17 p.m.6 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.38 views

CVE-2026-12093 Simple Membership <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation via Forged Stripe 'charge.refunded' Webhook

The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitra...

5.3CVSS0.00352EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.6 views

PT-2026-53140

praisonai: recipe serve authentication middleware silently disables itself when no secret is set Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Target: https://github.com/MervinPraison/PraisonAI --- Package: praisonai on PyPI Version tested: 4.6.48...

9.8CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.28 views

CVE-2026-28454 OpenClaw < 2026.2.2 - Authorization Bypass via Unauthenticated Telegram Webhook

OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode must be enabled, allowing unauthenticated HTTP POST requests to the webhook endpoint that trust attacker-controlled JSON payloads. Remote attackers can forge Telegram updates by spoofing message.from.id...

8.2CVSS0.00255EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/17 9:33 p.m.8 views

OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust

Summary In affected versions, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback 127.0.0.1, ::1, ::ffff:127.0.0.1 even when the configured webhook secret was missing or incorrect. This does not affect t...

7.5CVSS5.6AI score0.00319EPSS
Exploits0References7Affected Software2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.8 views

PT-2026-20350

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.13 @openclaw/bluebubbles versions prior to 2026.2.13 Description The optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based solely on the TCP peer address being...

7.5CVSS5.5AI score0.00319EPSS
Exploits0References12
CVE
CVE
added 2025/09/11 7:24 a.m.37 views

CVE-2025-8570

The BeyondCart Connector plugin for WordPress (versions 1.4.2 through 2.1.0) is affected by Privilege Escalation due to improper JWT secret management and authorization in the determine_current_user filter. This allows unauthenticated attackers to craft valid JWTs and impersonate any user (includ...

9.8CVSS5.9AI score0.00596EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/04/30 9:1 p.m.5 views

libreswan: Missing PreSharedKey for connection can cause crash

A flaw was found in Libreswan. This issue causes Libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret, and the connection cannot find a matching configured secret. When automatically added on startup using the auto= keyword,...

6.5CVSS5.7AI score0.00944EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/30 9:0 p.m.4 views

libreswan: Missing PreSharedKey for connection can cause crash

A flaw was found in Libreswan. This issue causes Libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret, and the connection cannot find a matching configured secret. When automatically added on startup using the auto= keyword,...

6.5CVSS5.7AI score0.00944EPSS
Exploits0References6
OSV
OSV
added 2024/04/12 11:7 a.m.3 views

OESA-2024-1409 libreswan security update

Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS7.1AI score0.00944EPSS
Exploits0References2
NVD
NVD
added 2024/03/11 8:15 p.m.29 views

CVE-2024-2357

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically added on startu...

6.5CVSS6AI score0.00944EPSS
Exploits0References4
OSV
OSV
added 2024/03/11 8:15 p.m.1 views

DEBIAN-CVE-2024-2357

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically added on startu...

6.5CVSS5.8AI score0.00944EPSS
Exploits0References1
Rows per page
Query Builder