Lucene search

6963 matches found

CVE
added yesterday | 3 views

CVE-2026-14124

CVE-2026-14124 affects Google Chrome on Windows, prior to version 150.0.7871.47, where an inappropriate CredentialProvider implementation enables a local attacker to achieve OS-level privilege escalation via a malicious file. Root cause: flawed CredentialProvider handling in Chrome on Windows. Af...

5.8 AI score
Exploits: 0 | References: 2
NVD
added yesterday | 5 views

CVE-2026-12388

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5 CVSS
Exploits: 0 | References: 2
EUVD
added yesterday | 5 views

EUVD-2026-40305

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...

8.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1
CVE
added yesterday | 10 views

CVE-2026-8451

CVE-2026-8451 describes insufficient input validation in NetScaler ADC and NetScaler Gateway, causing a memory overread when configured as a SAML IDP. Affected products are NetScaler ADC and NetScaler Gateway; root cause is input validation weaknesses leading to memory overread. The CVSS metrics ...

8.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Cvelist
added yesterday | 12 views

CVE-2026-8451 Insufficient input validation leading to memory overread

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...

8.8 CVSS
Exploits: 0 | References: 1
Cvelist
added yesterday | 12 views

CVE-2026-12388 Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5 CVSS
Exploits: 0 | References: 2
CVE
added yesterday | 7 views

CVE-2026-12388

CVE-2026-12388 affects Keycloak’s Identity Provider (IdP) mapper component. A restricted administrator can abuse a misconfigured mapper, specifically a Hardcoded Role mapper, to assign high-privilege roles (e.g., realm-admin) to themselves or other users, bypassing security checks and gaining full cont...

6.5 CVSS | 5.8 AI score
Exploits: 0 | References: 2
EUVD
added yesterday | 6 views

EUVD-2026-40301

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5 CVSS | 5.8 AI score
Exploits: 0 | References: 2
EUVD
added yesterday | 5 views

EUVD-2026-40297

Incorrect authentication caching in the team membership expansion of the Rancher GitHub authentication provider caused it to grant principal access to any logged-in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 0 | References: 1
Nuclei
added yesterday | 16 views

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

8.2 CVSS | 7.4 AI score | 0.06139 EPSS
Exploits: 1 | References: 5
Chainguard
added 5 days ago | 5 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-rds, kueue-fips, crossplane-provider-aws-secretsmanager, crossplane-provider-aws-s3-fips, agentbeat-fips, crossplane-provider-azure-storagesync, crossplane-provider-aws-dynamodb, crossplane-provider-aws-route53resolver,...

5.8 AI score
Exploits: 0
Chainguard
added 5 days ago | 4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: kine, zot, istio, tekton-pipelines, gitlab-kas, argo-workflows-fips, frankenphp-8.5, trivy-operator, rancher-agent, trivy-fips, seaweedfs-rocksdb, kyverno-fips, seaweedfs-rocksdb-fips, zarf, frankenphp-8.4, containerd, skaffold-fips, coder, backup-restore-operator,...

5.8 AI score
Exploits: 0
Wolfi
added 5 days ago | 6 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: chisel, k9s, cert-manager, kubernetes-dashboard, zot, nerdctl, skaffold, opentelemetry-collector, cilium-cli, helm, osv-scanner, containerd, spire-server, cloud-provider-aws, kubescape, flux, gitlab-kas, flux-source-controller, prometheus-operator, kine, mattermost,...

5.8 AI score
Exploits: 0
Wolfi
added 5 days ago | 6 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: gomplate, chisel, k8sgpt, argo-events, k9s, mods, guac, nerdctl, podman, cilium-cli, falcoctl, osv-scanner, act, crossplane-provider-azure-storage, eksctl, docker-cli-buildx, pulumi-kubernetes-operator, cloud-provider-aws, kubescape, flux-source-controller,...

5.8 AI score
Exploits: 0
Wolfi
added 5 days ago | 5 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: cert-manager, kubernetes-dashboard, zot, nerdctl, podman, opentelemetry-collector, cilium-cli, helm, docker-cli-buildx, containerd, spire-server, cloud-provider-aws, flux, gitlab-kas, prometheus-operator, kine, mattermost, argo-cd, teleport, rancher-agent, kubernetes...

5.8 AI score
Exploits: 0
Wolfi
added 5 days ago | 5 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: gomplate, k9s, argo-events, guac, nerdctl, podman, cilium-cli, osv-scanner, act, docker-cli-buildx, pulumi-kubernetes-operator, cloud-provider-aws, kubescape, flux-source-controller, prometheus-operator, external-secrets-operator, scorecard, kubernetes,...

5.8 AI score
Exploits: 0
NVD
added 5 days ago | 6 views

CVE-2026-56823

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4 CVSS | 0.0015 EPSS
Exploits: 0 | References: 1
EUVD
added 5 days ago | 7 views

EUVD-2026-39797

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4 CVSS | 5.9 AI score | 0.0015 EPSS
Exploits: 0 | References: 1
Cvelist
added 5 days ago | 31 views

CVE-2026-56823 AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4 CVSS | 0.0015 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 5 days ago | 7 views

CVE-2026-56823

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4 CVSS | 5.9 AI score | 0.0015 EPSS
Exploits: 0 | References: 2 | Affected Software: 1