Lucene search
K

652 matches found

Snyk
Snyk
added 2026/05/11 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.20 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.10 views

Embedded Malicious Code

Overview guardrails-ai is an Adding guardrails to large language models. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tamper...

9.8CVSS5.8AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 10:35 p.m.9 views

CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

5.1CVSS5.7AI score0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 5:6 p.m.12 views

GHSA-95C3-6VVW-4MRQ MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience

SECURITY registry001 Vulnerability Report While analyzing the code logic, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: c5c4b9e8890dd5754bee889b2f1417f4fe3b5ce5 - Vulnerability Type: Authentication bypass via cross-registry OID...

4.7CVSS5.8AI score0.00219EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/08 5:6 p.m.20 views

MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience

SECURITY registry001 Vulnerability Report While analyzing the code logic, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: c5c4b9e8890dd5754bee889b2f1417f4fe3b5ce5 - Vulnerability Type: Authentication bypass via cross-registry OID...

4.7CVSS5.8AI score0.00219EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39215

Name of the Vulnerable Software and Affected Versions Kargo versions prior to 1.7.10 Kargo versions prior to 1.8.13 Kargo versions prior to 1.9.8 Kargo versions prior to 1.10.2 Description Kargo, which manages and automates the promotion of software artifacts, contains an open redirect in the UI...

5.1CVSS5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/07 3:0 a.m.12 views

EUVD-2026-28283

Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint /modules/sso/index.php/oidc/introspect always returns "active": true for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or...

6.8CVSS5.8AI score0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 5:1 p.m.8 views

EUVD-2026-27140

Nginx-UI Settings API Exposes Protected Secrets...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/06 5:1 p.m.13 views

Nginx-UI Settings API Exposes Protected Secrets

Summary The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/04 9:16 p.m.47 views

CVE-2026-42223

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag...

6.5CVSS0.00295EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/04 8:12 p.m.58 views

CVE-2026-42223 nginx-ui: Settings API Exposes Protected Secrets

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag...

6.5CVSS0.00295EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:42 p.m.7 views

CVE-2026-41571

Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password:...

9.4CVSS5.7AI score0.00296EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/04 5:20 p.m.8 views

com.abavilla:fpi-bot-api (>=1.6.0 <=1.6.2), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.6.2) +138 more potentially affected by CVE-2026-39852 via io.quarkus:quarkus-oidc (>=3.0.0.Alpha1 <=3.20.6)

io.quarkus:quarkus-oidc MAVEN version =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.7 and more Source cves: CVE-2026-39852 Source advisory: SNYK:JAVA-IOQUARKUS-16420252...

8.8CVSS5.8AI score0.00444EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/02 5:49 a.m.86 views

Exploit for CVE-2026-41200

CVE-2026-41200 — STIG Manager OIDC Reflected XSS PoC Conceptu...

8.5CVSS6.1AI score0.00332EPSS
Exploits1
NVD
NVD
added 2026/04/23 2:16 a.m.5 views

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS0.00332EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/23 12:40 a.m.31 views

CVE-2026-41200 STIG Manager has reflected XSS vulnerability in the Web App

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS0.00332EPSS
Exploits1References1
Rows per page
Query Builder