Lucene search
+L

1415 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-45196

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS5.4AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-63098

The Hive 4.1.24 has an unauthenticated information-disclosure flaw exposed via GET /api/status (StatusCtrl.scala), enabling attackers without credentials to read sensitive configuration data. Affected items include the datastore attachment protection password, configured authentication providers,...

6.9CVSS5.4AI score
Exploits0References2
Cvelist
Cvelist
added yesterday22 views

CVE-2026-63098 TheHive 4.1.24 Unauthenticated Information Disclosure via /api/status Endpoint

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60791

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS5.3AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2025-6015

Vault and Vault Enterprise's “Vault” login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.7CVSS5.8AI score0.00286EPSS
Exploits0References3
NVD
NVD
added 6 days ago10 views

CVE-2026-56308

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS0.00244EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-43230

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-56308 Capgo - Insufficient Authentication in Email Change Endpoint

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 8:16 p.m.7 views

CVE-2026-55370

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS0.00199EPSS
Exploits0References4
NVD
NVD
added 2026/07/10 8:16 p.m.8 views

CVE-2026-55377

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 7:57 p.m.14 views

CVE-2026-55377

Technical details about CVE-2026-55377 are not publicly available in the provided documents. Monitor for updates.

8.1CVSS6.1AI score0.00259EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 7:57 p.m.3 views

CVE-2026-55377 Logto: Account Center MFA management step-up bypass via WebAuthn registration verification

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS6.1AI score0.00259EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/10 7:56 p.m.37 views

CVE-2026-55370 Logto: TOTP code can be replayed within the RFC 6238 validity window (one-time use violation)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS0.00199EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/10 7:56 p.m.7 views

EUVD-2026-43011

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS6.1AI score0.00199EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 7:56 p.m.13 views

CVE-2026-55370

Technical details about CVE-2026-55370 are not publicly available in the provided documents. Monitor for updates.

6.4CVSS6.1AI score0.00199EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 7:16 p.m.8 views

CVE-2026-48949

Lack of validation leads to an XSS vulnerability in the MFA management views...

6.1CVSS6AI score
Exploits0References1
CVE
CVE
added 2026/07/07 5:29 p.m.15 views

CVE-2026-48949

CVE-2026-48949 affects Joomla! Core — XSS in MFA method management due to lack of input validation in MFA management views. Affected component: core MFA method management in Joomla. Root cause: insufficient validation enabling cross-site scripting. Impact: XSS in MFA management interfaces; exact ...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/07 5:29 p.m.33 views

CVE-2026-48949 Joomla! Core - [20260703] - XSS in MFA method management

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.8 views

CVE-2026-48949

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/07 5:29 p.m.7 views

CVE-2026-48949 Joomla! Core - [20260703] - XSS in MFA method management

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Rows per page
Query Builder