
17849 matches found

EUVD
added 1 hour ago, 2 views

EUVD-2026-41629

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

AI score 5.9
Exploits: 0, References: 5
Nuclei
added 20 hours ago, 39 views

WordPress Copyright Proof <=4.16 - Cross-Site-Scripting

WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. id: CVE-2022-1906...

CVSS 6.1, AI score 6.3, EPSS 0.00922
Exploits: 2, References: 4
RedhatCVE
added 20 hours ago, 7 views

CVE-2026-54431

A flaw was found in liboauth2. The Demonstrating Proof-of-Possession (DPoP) verifier incorrectly accepts a malformed DPoP proof. This proof contains private key material in its JSON Web Key (JWK) header, which should be rejected according to RFC 9449. This vulnerability could allow an attacker to...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 6
Circl
added yesterday, 4 views

CVE-2026-50027

| creationtimestamp | type | source |
|---|---|---|
| 2026-07-02 16:35:08+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-84hp-mqvj-3p8h |
| 2026-07-03 03:00:27+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116853809243699371... |

AI score 5.8
Exploits: 0, References: 2
NVD
added yesterday, 8 views

CVE-2026-54431

In liboauth2, the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof, but the oauth2_token_verify() function returns success for a malformed DPoP proof that...

CVSS 5.1
Exploits: 0, References: 3
Cvelist
added yesterday, 33 views

CVE-2026-54431 Improper Data Validation in liboauth2

In liboauth2, the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof, but the oauth2_token_verify() function returns success for a malformed DPoP proof that...

CVSS 5.1
Exploits: 0, References: 3
CVE
added yesterday, 10 views

CVE-2026-54431

CVE-2026-54431 affects the liboauth2 DPoP verifier. The bug allows a DPoP proof whose JWK header embeds private key material to be accepted, violating RFC 9449 section 4.3 step 7, because the function oauth2_token_verify() returns success for a malformed DPoP proof that embeds the private EC key ...

CVSS 5.1, AI score 5.8
Exploits: 0, References: 3
ATTACKERKB
added yesterday, 4 views

CVE-2026-54431

In liboauth2, the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof, but the oauth2_token_verify() function returns success for a malformed DPoP proof that...

CVSS 5.1, AI score 5.8
Exploits: 0, References: 4
Debian CVE
added yesterday, 4 views

CVE-2026-54431

In liboauth2, the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof, but the oauth2_token_verify() function returns success for a malformed DPoP proof that...

CVSS 5.1, AI score 5.8
Exploits: 0
EUVD
added yesterday, 9 views

EUVD-2026-41277

In liboauth2, the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof, but the oauth2_token_verify() function returns success for a malformed DPoP proof that...

CVSS 5.1, AI score 5.8
Exploits: 0, References: 3
OSV
added 2 days ago, 2 views

GHSA-XGJW-PM74-86Q4 sigstore-js has Insufficient Verification of Data Authenticity

sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and to satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only (no signed inclusionPromise/set), and the inclusion proof path does not...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 2
OSV
added 4 days ago, 5 views

PYSEC-2026-477 PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and, if type: job, executes steps through JobWorkflowExecutor in jobworkflow.py. This supports:
- run: → shell command execution via subprocess.run
- script: → inline Python execution via exec
- python: → arbitrary Python script execution
A malicious YAML...

CVSS 9.8, AI score 6.2, EPSS 0.00609
Exploits: 1, References: 6
Fedora
added 6 days ago, 2 views

[SECURITY] Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc44

Simple JavaScript proof-of-work based access control for Nginx with virtually no overhead...

CVSS 9.2, AI score 7, EPSS 0.03299
Exploits: 4
Circl
added 2026/06/26 8:35 p.m., 7 views

CVE-2026-48755

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-26 20:35:12+00:00 | published-proof-of-concept | https://github.com/lxc/incus/security/advisories/GHSA-v6mj-8pf4-hhw4 |
| 2026-07-01 02:15:18+00:00 | seen | https://bsky.app/profile/securityonline.bsky.social/post/3mpkh3n7jjr2b |
| 2026-07-01 02:31:46+00:00... | | |

AI score 5.7
Exploits: 0, References: 3
Circl
added 2026/06/26 8:35 p.m., 8 views

CVE-2026-48769

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-26 20:35:07+00:00 | published-proof-of-concept | https://github.com/lxc/incus/security/advisories/GHSA-f6m5-xw2g-xc4x |
| 2026-07-01 02:15:18+00:00 | seen | https://bsky.app/profile/securityonline.bsky.social/post/3mpkh3n7jjr2b |
| 2026-07-01 02:31:46+00:00... | | |

AI score 5.7
Exploits: 0, References: 3
Circl
added 2026/06/25 10:35 p.m., 6 views

CVE-2026-48529

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-25 22:35:05+00:00 | published-proof-of-concept | https://github.com/github/github-mcp-server/security/advisories/GHSA-pjp5-fpmr-3349 |
| 2026-06-26 18:26:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp7l26lvbx2l... |

CVSS 6, AI score 5.8, EPSS 0.00205
Exploits: 0, References: 2
Circl
added 2026/06/24 6:35 p.m., 6 views

CVE-2026-48708

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-24 18:35:07+00:00 | published-proof-of-concept | https://github.com/OliveTin/OliveTin/security/advisories/GHSA-7fq5-7wr8-rjwj |
| 2026-06-24 19:54:03+00:00 | seen | https://gist.github.com/alon710/cb59405487e5944ed006860e5bc630ab |
| 2026-06-24... | | |

CVSS 7.5, AI score 5.8, EPSS 0.00401
Exploits: 0, References: 3
Circl
added 2026/06/24 6:35 p.m., 5 views

CVE-2026-48709

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-24 18:35:05+00:00 | published-proof-of-concept | https://github.com/OliveTin/OliveTin/security/advisories/GHSA-f637-w7p2-m7fx |
| 2026-06-24 18:43:21+00:00 | seen | https://gist.github.com/alon710/f2b2f51072808beda8e52a43b0bdd064 |
| 2026-06-24... | | |

CVSS 3.7, AI score 5.8, EPSS 0.00328
Exploits: 0, References: 3
Circl
added 2026/06/24 6:35 p.m., 6 views

CVE-2026-53541

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-24 18:35:02+00:00 | published-proof-of-concept | https://github.com/OliveTin/OliveTin/security/advisories/GHSA-prj9-97mp-mwh2... |

AI score 5.8
Exploits: 0, References: 1
NVD
added 2026/06/23 9:17 p.m., 6 views

CVE-2026-47386

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct, valid access_token/refresh_token pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...

CVSS 6.3, EPSS 0.00197
Exploits: 0, References: 1