Lucene search
+L

434 matches found

euvd
euvd
added yesterday5 views

EUVD-2026-44843

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

9.1CVSS6.2AI score0.00266EPSS
Exploits1References3
nvd
nvd
added 2 days ago7 views

CVE-2026-26718

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

9.1CVSS0.00266EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2 days ago8 views

PT-2026-60330

Name of the Vulnerable Software and Affected Versions xxl-job-admin version 3.0.0 Description A Cross-Site Request Forgery CSRF issue exists in the web application. This occurs because a specific endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods through a permissive...

6.2AI score0.00266EPSS
Exploits1References4
cvelist
cvelist
added 2 days ago34 views

CVE-2026-26718

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

0.00266EPSS
Exploits1References2
packetstorm
packetstorm
added 2 days ago14 views

📄 xxl-job Cross Site Request Forgery

xxl-job versions prior to 3.4.0 suffer from a cross site request forgery vulnerability. Description Summary A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The...

9.1CVSS5.7AI score0.00266EPSS
Exploits1
cvelist
cvelist
added 2026/07/09 7:9 a.m.34 views

CVE-2026-57111 Apache Helix REST: Permissive CORS Configuration in REST API Allows Unrestricted Cross-Origin

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

0.00269EPSS
Exploits0References1
cve
cve
added 2026/07/08 4:30 a.m.16 views

CVE-2026-9842

The CVE-2026-9842 entry concerns the Backstage - Customizer Demo Access plugin for WordPress (up to version 1.4.2). The root cause is that the plugin assigns the manage_options capability to the backstage_customizer_user demo role, which is more permissive than required for a Demo Access/Customiz...

7.5CVSS6AI score0.00256EPSS
Exploits0References3
osv
osv
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-2004 vantage6's CORS settings overly permissive

Impact The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies Patches No Workarounds No...

4.2CVSS5.9AI score0.00311EPSS
Exploits0References6
nvd
nvd
added 2026/06/29 10:16 a.m.9 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS0.0012EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/26 6:13 p.m.39 views

CVE-2026-54753 Nx: `nx graph` dev server permissive CORS policy

Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...

5.9CVSS0.00812EPSS
Exploits0References2
redhat
redhat
added 2026/06/25 6:47 p.m.6 views

keycloak: Keycloak: Unauthorized access to resources via UMA permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References4
redhat
redhat
added 2026/06/25 5:36 p.m.4 views

keycloak: Keycloak: Unauthorized access to resources via UMA permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.7AI score0.00166EPSS
Exploits0References4
nvd
nvd
added 2026/06/25 5:17 p.m.9 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS0.00166EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/25 4:17 p.m.6 views

CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References6
euvd
euvd
added 2026/06/25 4:17 p.m.6 views

EUVD-2026-39475

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/25 4:17 p.m.36 views

CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS0.00166EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/25 4:17 p.m.6 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/25 4:2 p.m.5 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.10 views

PT-2026-52509

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in org.keycloak.authorization allows an authenticated user who possesses a User-Managed Access UMA permission ticket for a single resource to bypass per-resource access control. By...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References8
ibm
ibm
added 2026/06/23 6:51 p.m.9 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains (CVE-2026-12084)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. CVE-2026-12084. Vulnerability Details...

7.5CVSS5.9AI score0.00162EPSS
Exploits0Affected Software1
Rows per page
Query Builder