Lucene search
+L

1454 matches found

NVD
NVD
added 2 days ago8 views

CVE-2026-63098

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45196

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS5.4AI score0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-63098 TheHive 4.1.24 Unauthenticated Information Disclosure via /api/status Endpoint

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS0.00244EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-63098

The Hive 4.1.24 has an unauthenticated information-disclosure flaw exposed via GET /api/status (StatusCtrl.scala), enabling attackers without credentials to read sensitive configuration data. Affected items include the datastore attachment protection password, configured authentication providers,...

6.9CVSS5.4AI score0.00244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.3AI score0.00207EPSS
Exploits0References3
OSV
OSV
added 2 days ago5 views

RHSA-2026:40895 Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

Bulletin has no description...

8.1CVSS4.8AI score0.00695EPSS
Exploits1References20
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-60791

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS5.3AI score0.00244EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago11 views

SUSE SLES15: terraform-provider-aws / terraform-provider-azurerm / etc (SUSE-SU-2026:3056-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:3056-1 advisory. This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google,...

10CVSS6.8AI score0.04561EPSS
Exploits3References126
OSV
OSV
added 4 days ago5 views

SUSE-SU-2026:3056-1 Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-local, terraform-provider-null, terraform-provider-random, terraform-provider-tls

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-local, terraform-provider-null, terraform-provider-random, terraform-provider-tls fixes the...

10CVSS6.8AI score0.04561EPSS
Exploits3References85
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-43547

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the...

9.3CVSS6.1AI score0.00371EPSS
Exploits0References3
NVD
NVD
added 2026/07/12 12:16 p.m.10 views

CVE-2026-56336

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS0.00205EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/12 12:0 a.m.6 views

SUSE SLES15: terraform-provider-aws / terraform-provider-azurerm / etc (SUSE-SU-2026:2850-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2850-1 advisory. This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google,...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References5
OSV
OSV
added 2026/07/10 7:55 p.m.4 views

CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2026/07/10 12:48 p.m.5 views

Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-random, terraform-provider-susepubliccloud, terraform-provider-tls fixes the following issue...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References6
OSV
OSV
added 2026/07/10 12:47 p.m.1 views

SUSE-SU-2026:2850-1 Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-random, terraform-provider-susepubliccloud, terraform-provider-tls

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-random, terraform-provider-susepubliccloud, terraform-provider-tls fixes the following issue -...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References4
Chainguard
Chainguard
added 2026/07/09 8:30 p.m.9 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: metrics-server-fips, longhorn-engine, spicedb-operator-fips, eck-operator-fips, crossplane-provider-aws-schemas, kubernetes-dashboard-auth-fips, crossplane-provider-azure-managedidentity, reports-server, grept, karpenter, databricks-cli,...

5.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/07/09 4:1 a.m.17 views

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/08 2:17 a.m.7 views

CVE-2026-53227 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-azure, linux-qemu, linux-vmware, linux-gcp...

5.5CVSS5.1AI score0.00136EPSS
Exploits0
Snyk
Snyk
added 2026/07/06 9:22 p.m.9 views

Missing Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization due to missing authentication checks on several API endpoints, including /api/providers, /api/usage/stats, /api/usage/request-logs, and...

9.8CVSS6.1AI score0.01905EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/02 8:47 p.m.11 views

SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`

Summary SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated login. If a saved SP state contains ExpectedIssuer = IdP A, but the ACS receives a valid response from IdP B, the code logs a warning and continues processing instead of rejecting the response. That...

7.1CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder