Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.5 views

CVE-2026-56784

OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...

8.6CVSS6AI score0.00258EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 12:13 p.m.12 views

EUVD-2026-38444

OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms method that allows authenticated users to delete alarms from other tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint fails to validate that targeted alarm IDs belong ...

8.6CVSS6AI score0.00258EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 9:43 p.m.13 views

OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)

Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...

6AI score
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/30 5:8 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the OCI registry token exchange function when the realm URL from the WWW-Authenticate header is not validated for scheme, hostname, or IP range. An attacker can cause the application to make...

9.1CVSS6AI score0.00253EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:33 a.m.4 views

SUSE CVE-2013-6634

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...

6.8CVSS9.1AI score0.01439EPSS
Exploits0References3
NVD
NVD
added 2013/12/07 12:55 a.m.21 views

CVE-2013-6634

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...

6.8CVSS6.1AI score0.01439EPSS
Exploits0References9
Cvelist
Cvelist
added 2013/12/07 12:0 a.m.28 views

CVE-2013-6634

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...

5.9AI score0.01439EPSS
Exploits0References9
Rows per page
Query Builder