751 matches found

ATTACKERKB
added 2026/05/26 5:35 p.m. | 6 views

CVE-2026-41164

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspect_access_token accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2026/05/26 5:35 p.m. | 15 views

EUVD-2026-31940

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspect_access_token accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits 0 | References 1
Cvelist
added 2026/05/26 5:35 p.m. | 45 views

CVE-2026-41164 nuts-node: JWT type confusion in v1 access token introspection allows VP replay as access token

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspect_access_token accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4 CVSS | 0.00076 EPSS
Exploits 0 | References 1
CVE
added 2026/05/26 5:35 p.m. | 20 views

CVE-2026-41164

The CVE concerns nuts-node, the reference implementation of the Nuts spec. Prior to versions 6.2.3 (and 5.4.31 for the 5.x branch), the v1 access token introspection endpoint (/auth/v1/introspect_access_token) validates only standard JWTs, and does not enforce Nuts-specific checks such as JWT typ...

4.4 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits 0 | References 1
Patchstack
added 2026/05/21 8:33 p.m. | 8 views

NPM: MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

NPM: MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement vulnerability discovered by ? in WordPress Npm mcp-server-kubernetes versions 3.6.0...

5.8 AI score | 0.00376 EPSS
Exploits 0 | References 2 | Affected Software 1
Github Security Blog
added 2026/05/21 8:33 p.m. | 14 views

MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

Summary: mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not ...

8.8 CVSS | 6 AI score | 0.00376 EPSS
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2026/05/19 9:23 a.m. | 19 views

EUVD-2026-30859

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9 CVSS | 5.8 AI score | 0.00301 EPSS
Exploits 0 | References 1
Redos
added 2026/05/15 12:0 a.m. | 9 views

ROS-20260515-73-0045

A vulnerability in the Extensions component of the Google Chrome browser is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface...

4.3 CVSS | 5.8 AI score | 0.00123 EPSS
Exploits 0
hivepro
added 2026/05/12 6:39 a.m. | 11 views

CISO Guide: Building a Business Case for CTEM

Every CISO knows the frustration: you understand the exposure risk facing your organization, you know that a Continuous Threat Exposure Management program would fundamentally change your security posture, and yet, when budget season arrives, CTEM is one of the first line items questioned. Ready t...

5.8 AI score
Exploits 0
CNNVD
added 2026/05/12 12:0 a.m. | 8 views

Microsoft Office PowerPoint Access Control Error Vulnerability

Microsoft Office PowerPoint is a software tool developed by the American company Microsoft for creating presentation documents (PPTs). Microsoft Office PowerPoint has a security vulnerability related to access control. Attackers can exploit this vulnerability to carry out deceptive attacks...

7.1 CVSS | 5.8 AI score | 0.00292 EPSS
Exploits 0 | References 2
SUSE CVE
added 2026/05/08 2:27 a.m. | 8 views

SUSE CVE-2026-7926

Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 6.2 AI score | 0.00267 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2026/05/07 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-7926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTM...

8.8 CVSS | 6.2 AI score | 0.00267 EPSS
Exploits 0 | References 2
EUVD
added 2026/05/06 9:31 p.m. | 7 views

EUVD-2026-27955

Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 6.2 AI score | 0.00267 EPSS
Exploits 0 | References 3
NVD
added 2026/05/06 7:16 p.m. | 7 views

CVE-2026-7926

Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 0.00267 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/05/06 6:12 p.m. | 6 views

CVE-2026-7926

Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2 AI score | 0.00267 EPSS
Exploits 0 | References 2
Cvelist
added 2026/05/06 6:12 p.m. | 37 views

CVE-2026-7926

Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.00267 EPSS
Exploits 0 | References 2
CVE
added 2026/05/06 6:12 p.m. | 12 views

CVE-2026-7926

CVE-2026-7926 affects Google Chrome’s PresentationAPI prior to Chrome 148.0.7778.96. Description: use-after-free in PresentationAPI could allow a remote attacker to execute arbitrary code in the sandbox via a crafted HTML page. Connected sources indicate the fix is included in the Chrome 148 stab...

8.8 CVSS | 6.2 AI score | 0.00267 EPSS
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2026/05/06 6:12 p.m. | 5 views

CVE-2026-7926

Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 6.2 AI score | 0.00267 EPSS
Exploits 0
AlpineLinux
added 2026/05/06 6:12 p.m. | 10 views

CVE-2026-7926

Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 6.2 AI score | 0.00267 EPSS
Exploits 0
Snyk
added 2026/05/05 5:15 p.m. | 9 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the /auth/v1/introspect_access_token endpoint, which accepts any JWT signed by a key present on the node without validating the JWT type, issuer-to-key binding, or required claims. An...

4.4 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits 0 | References 2