Lucene search
+L

276 matches found

ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.15 views

PT-2026-48935

Name of the Vulnerable Software and Affected Versions Capgo Console versions prior to 12.28.2 Description A denial-of-service issue exists in the account deletion flow. An attacker can block authentication and onboarding functions by triggering account deletion while a device identifier is linked...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.15 views

PT-2026-48893

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has been patched in versions 15.107.2 and 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.21 views

PT-2026-48894

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.17 views

PT-2026-48953

Name of the Vulnerable Software and Affected Versions Naxclow Smart Doorbell X3 affected versions not specified Naxclow platform affected versions not specified Description A flaw in the onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to...

8.8CVSS5.3AI score0.00312EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5808

A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/dashboard/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in...

5.3CVSS3.9AI score0.00282EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:19 p.m.12 views

CVE-2026-5464

The ExactMetrics – Google Analytics Dashboard for WordPress Website Stats Plugin plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboardingkey' transient to a...

7.2CVSS5.6AI score0.00695EPSS
Exploits0References1
githubexploit
githubexploit
added 2026/06/03 12:2 p.m.130 views

Wazuh-Deployment-Vulnerability-Monitoring-PoC

🛡️ Wazuh Deployment & Vulnerability Monitoring PoC Overvie...

7.5CVSS5.8AI score0.00501EPSS
Exploits2
nessus
nessus
added 2026/06/01 12:0 a.m.23 views

RHEL 10 : go-fdo-client and go-fdo-server (RHSA-2026:22141)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22141 advisory. This package provides a server-side implementation of the FIDO Device Onboard FDO specification, written in Go. FDO is an open standard fo...

10CVSS7.3AI score0.00765EPSS
Exploits1References11
osv
osv
added 2026/05/29 4:3 p.m.10 views

RLSA-2026:19139 Important: go-fdo-client security update

go-fdo-client is the device-side implementation of FIDO Device Onboard specification in Go. It provides an FDO client that interacts with FDO manufacturer and owner servers to perform device on-boarding. Security Fixes: crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References2
euvd
euvd
added 2026/05/27 5:9 p.m.17 views

EUVD-2026-32602

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS6AI score0.00261EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.13 views

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from the POST...

8.8CVSS5.8AI score0.00261EPSS
Exploits0References2
redhat
redhat
added 2026/05/19 4:11 p.m.13 views

Important: Red Hat Security Advisory: go-fdo-client security update

An update for go-fdo-client is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References2
nessus
nessus
added 2026/05/19 12:0 a.m.19 views

RHEL 10 : go-fdo-server (RHSA-2026:19137)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19137 advisory. This package provides a server-side implementation of the FIDO Device Onboard FDO specification, written in Go. FDO is an open standard fo...

9.8CVSS7.3AI score0.00621EPSS
Exploits0References6
osv
osv
added 2026/05/19 12:0 a.m.20 views

ALSA-2026:19139 Important: go-fdo-client security update

go-fdo-client is the device-side implementation of FIDO Device Onboard specification in Go. It provides an FDO client that interacts with FDO manufacturer and owner servers to perform device on-boarding. Security Fixes: crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/05/15 7:57 p.m.10 views

CVE-2026-44478

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...

7.5CVSS5.8AI score0.0024EPSS
Exploits0References1
nvd
nvd
added 2026/05/13 10:16 p.m.19 views

CVE-2026-44478

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...

7.5CVSS0.0024EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/13 9:47 p.m.8 views

CVE-2026-44478

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...

9.1CVSS5.8AI score0.00455EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/05/13 9:47 p.m.35 views

CVE-2026-44478 hoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery Token

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...

7.5CVSS0.0024EPSS
Exploits0References1
euvd
euvd
added 2026/05/13 9:47 p.m.16 views

EUVD-2026-30201

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...

9.1CVSS5.8AI score0.00455EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/05/13 9:47 p.m.9 views

CVE-2026-44478 hoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery Token

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...

7.5CVSS5.8AI score0.0024EPSS
Exploits0References1
Rows per page
Query Builder