Lucene search

10 matches found

ATTACKERKB
added 2026/04/24 7:23 p.m. · 8 views

CVE-2026-41427

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...

CVSS 7.1 · AI score 5.4 · EPSS 0.00212
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2026/04/24 12:0 a.m. · 12 views

PT-2026-35070

Name of the Vulnerable Software and Affected Versions: Better Auth versions prior to 1.6.5. Description: The OAuth client creation endpoints failed to invoke the hook associated with the clientPrivileges option before persisting new clients. Consequently, deployments intended to restrict client...

CVSS 7.1 · AI score 5.3 · EPSS 0.00212
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 17 views

EUVD-2022-7246

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8 · EPSS 0.00704
Exploits 1 · References 5

NVD
added 2025/07/29 1:15 p.m. · 29 views

CVE-2025-6505

Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access. Whe...

CVSS 8.1 · EPSS 0.00333
Exploits 0 · References 1

OSV
added 2025/02/13 7:9 p.m. · 22 views

MGASA-2025-0062 Updated perl-Net-OAuth, perl-Crypt-URandom & perl-Module-Build packages fix security vulnerability

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong. CVE-2025-22376...

CVSS 5.3 · AI score 5.3 · EPSS 0.00585
Exploits 0 · References 3

OSV
added 2024/09/04 6:7 p.m. · 16 views

GHSA-C34R-238X-F7QX Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Summary: The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...

CVSS 9.1 · AI score 9.2 · EPSS 0.01342
Exploits 1 · References 4

Github Security Blog
added 2024/09/04 6:7 p.m. · 21 views

Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Summary: The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...

CVSS 9.1 · AI score 9 · EPSS 0.01342
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/08/10 12:0 a.m. · 5 views

PT-2023-5260 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 22.0.0 through 22.2.10.12; Nextcloud Server versions 23.0.0 through 23.0.12.7; Nextcloud Server versions 24.0.0 through 24.0.12.4; Nextcloud Server versions 25.0.0 through 25.0.8; Nextcloud Server versions 26.0.0 through...

CVSS 9.8 · AI score 5.7 · EPSS 0.01041
Exploits 6 · References 94

Github Security Blog
added 2022/05/13 1:7 a.m. · 25 views

Cloud Foundry denial of service vulnerability

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack...

CVSS 7.5 · AI score 7 · EPSS 0.01581
Exploits 0 · References 7 · Affected Software 1

Prion
added 2017/03/10 1:59 a.m. · 16 views

Design/Logic Flaw

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack...

CVSS 5 · AI score 7.4 · EPSS 0.01581
Exploits 0 · References 2 · Affected Software 3