Lucene search
K

4 matches found

CVE
CVE
added 2026/06/18 4:13 p.m.25 views

CVE-2026-54105

The CVE concerns CVE-2026-54105 affecting the GAO EPDS and CBCA EDS systems. The vulnerability arises from the update-profile/ API endpoint, where a remote, unauthenticated attacker can supply an arbitrary user_id and receive a JSON response containing account-specific information, including the ...

6.9CVSS5.3AI score0.003EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 4:12 p.m.20 views

CVE-2026-54104 U.S. GAO EPDS and CBCA EDS client-based privilege escalation

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8CVSS0.004EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:12 p.m.27 views

CVE-2026-54103

CVE-2026-54103 affects GAO EPDS and CBCA EDS, where the /update-profile/N endpoint does not require authentication for password changes. The vulnerability allows a remote attacker to change an arbitrary user’s password without credentials. This result is supported by the CVSS data indicating high...

9.8CVSS5.4AI score0.00427EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50706

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

5.1CVSS5.8AI score0.00289EPSS
Exploits0References8
Rows per page
Query Builder