Lucene search
K

8 matches found

OSV
OSV
added 3 days ago6 views

PYSEC-2026-534 Sentry's improper authentication on SAML SSO process allows user identity linking

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via Sentry's private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the sa...

9.1CVSS5.8AI score0.00623EPSS
Exploits0References8
CVE
CVE
added 2026/06/22 3:20 p.m.10 views

CVE-2026-8934

The CVE-2026-8934 describes a Missing Authorization vulnerability in a GraphQL private API operation within Google App Engine Cloud Console, enabling an unauthenticated attacker to leak sensitive App Engine request logs from other projects via a crafted request. Affected component: Google Cloud C...

6.9CVSS5.9AI score0.00364EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/16 10:30 a.m.39 views

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours...

9.8CVSS6.6AI score0.48668EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.4 views

Photon OS 4.0: Expat PHSA-2026-4.0-1002

An update of the expat package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1002. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

5.5CVSS5.2AI score0.00216EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/08 4:17 p.m.5 views

CVE-2025-46414 EG4 Electronics EG4 Inverters Improper Restriction of Excessive Authentication Attempts

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...

9.2CVSS6.8AI score0.00327EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:25 p.m.9 views

CVE-2025-5029

A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the...

5.5CVSS6.8AI score0.00417EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2020/04/27 8:34 a.m.3 views

How An Image Could've Let Attackers Hack Microsoft Teams Accounts

Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw,...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/07/12 12:0 a.m.12 views

Solaris 9 (sparc) : 112922-02

SunOS 5.9: krb5 lib Patch. Date this patch was last updated by Sun : Apr/24/03 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/20. C Tenable Network Security, Inc. if ! definedfunc"bnrandom"...

Exploits0References1
Rows per page
Query Builder