Lucene search
+L

707 matches found

EUVD
EUVD
added 3 days ago12 views

EUVD-2026-45010

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that access was revoked...

3.5CVSS6.1AI score0.00182EPSS
Exploits0References3
NVD
NVD
added 3 days ago8 views

CVE-2026-47087

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that access was revoked...

3.5CVSS0.00182EPSS
Exploits0References2
CVE
CVE
added 3 days ago10 views

CVE-2026-47087

The CVE affects cyrus-imapd (Cyrus IMAP) up to version 3.12.2, where URLAUTH does not honor revoked authorizer access; a URLAUTH URL minted while access was valid remains usable after revocation. This could enable continued access to previously authorized resources. A fix is available in the 3.12...

3.5CVSS6.1AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-9636

CVE-2026-9636 affects Rockwell CompactLogix 5380, ControlLogix 5580, and EN4 communications modules. The issue is in CIP Security certificate revocation handling: the controller may fail to reject certificates signed by intermediates that have been revoked via a CRL, potentially allowing a networ...

8.2CVSS6AI score0.0014EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-59818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls t...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References3
NVD
NVD
added 2026/07/09 5:17 p.m.7 views

CVE-2026-59219

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS0.00259EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/09 4:43 p.m.6 views

EUVD-2026-42625

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/09 4:43 p.m.32 views

CVE-2026-59219 Open WebUI: Realtime endpoints accept Redis-revoked JWTs after signout/backchannel logout

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS0.00259EPSS
Exploits1References3
CVE
CVE
added 2026/07/09 4:43 p.m.13 views

CVE-2026-59219

Open WebUI 0.9.0–0.10.0: with Redis configured, the terminal websocket first-message authentication used decode_token without a Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. Fixed in version 0.10.0. This affects realtime endpo...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/09 4:43 p.m.9 views

CVE-2026-59219

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/09 6:11 a.m.6 views

CVE-2026-59818

A flaw was found in etcd, a distributed key-value store. When etcd is configured to use separate listeners for HTTP and gRPC client endpoints, the Certificate Revocation List CRL is not properly enforced on the gRPC listener. This oversight allows a client with a revoked certificate to successful...

8.1CVSS5.9AI score0.00319EPSS
Exploits0References12
OSV
OSV
added 2026/07/08 9:0 p.m.4 views

CVE-2026-59818 etcd: gRPC client listener does not enforce `--client-crl-file` certificate revocation

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

6.5CVSS6.1AI score0.00319EPSS
Exploits0References11
Snyk
Snyk
added 2026/07/08 9:0 p.m.7 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 9:0 p.m.15 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 9:0 p.m.6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 9:0 p.m.5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 9:0 p.m.9 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00319EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 8:33 p.m.6 views

CVE-2026-57172 DataEase: Hardcoded JWT Signing Secret in ShareLink

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS5.9AI score0.00289EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 7:33 p.m.16 views

CVE-2026-44362

OP-TEE (trusted execution environment for Arm TrustZone) has a vulnerability in subkey rollback protection affecting versions 3.20.0 through 4.10.x; during TA loading, shdr_load_pub_key() fails to propagate subkey_version into the runtime structure, so key->version stays zero. When check_updat...

5.5CVSS6AI score0.00122EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 4:16 p.m.13 views

CVE-2026-8480

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...

4.3CVSS0.00087EPSS
Exploits0References1
Rows per page
Query Builder