77 matches found

Github Security Blog
added 2026/01/23 6:31 p.m., 6 views

Free5gc NRF is vulnerable to scope validation bypass via maliciously crafted targetNF value

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...

CVSS 9.1, AI score 5.6, EPSS 0.00307
Exploits 1, References 5, Affected Software 1
OSV
added 2026/01/23 4:15 p.m., 3 views

CVE-2025-66719

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...

CVSS 9.1, AI score 5.8
Exploits 0, References 2
Snyk
added 2026/01/08 10:40 p.m., 1 view

Cross-site Request Forgery (CSRF)

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the request.scope in the validate_authorization_request function which leads to cache-backed...

CVSS 8.8, AI score 6.3, EPSS 0.00237
Exploits 1, References 2
Veracode
added 2025/10/14 7:19 a.m., 6 views

Improper Authorization

ethycafides is vulnerable to improper authorization. The vulnerability is due to insufficient scope validation in the OAuth client creation and update endpoints, which allows an attacker or a highly privileged user to escalate privileges to owner-level...

CVSS 8.6, AI score 7.2, EPSS 0.00392
Exploits 0, References 5, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-8163

Malware in sbrugna...

CVSS 4.3, AI score 5, EPSS 0.00548
Exploits 0, References 4
CNNVD
added 2025/07/01 12:00 a.m., 4 views

Janssen Security Vulnerability

Janssen is an open source user authentication component from the Janssen Project Open Source. A security vulnerability exists in Janssen versions prior to 1.8.0, which stems from the Config API returning results without validating the scope, which could lead to information disclosure...

CVSS 8.2, AI score 6.3, EPSS 0.00343
Exploits 0, References 5
OSV
added 2025/04/02 10:36 p.m., 5 views

GHSA-C9PR-Q8GX-3MGP Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`

Impact The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...

CVSS 9.3, AI score 8.4, EPSS 0.00885
Exploits 1, References 4
Github Security Blog
added 2025/04/02 10:36 p.m., 18 views

Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`

Impact The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...

CVSS 9.8, AI score 8.4, EPSS 0.00885
Exploits 1, References 4, Affected Software 2
CVE
added 2025/04/02 9:10 p.m., 96 views

CVE-2025-31477

CVE-2025-31477 concerns the Tauri shell plugin (prior to 2.2.1). The open endpoint allowed system-opening with protocols like file://, smb://, or nfs:// due to improper validation, enabling remote code execution when untrusted input is passed. Affected: tauri-plugin-shell before version 2.2.1. Mi...

CVSS 9.8, AI score 8.3, EPSS 0.00885
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2025/04/02 9:10 p.m., 9 views

CVE-2025-31477 Improper Scope Validation in the open Endpoint of tauri-plugin-shell

The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was...

CVSS 9.3, AI score 8.3, EPSS 0.00885
Exploits 1, References 2
NVD
added 2023/03/30 7:15 p.m., 20 views

CVE-2023-26482

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...

CVSS 9, AI score 9, EPSS 0.04176
Exploits 2, References 2
Vulnrichment
added 2023/03/30 6:27 p.m., 9 views

CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...

CVSS 9, AI score 9, EPSS 0.04176
Exploits 2, References 2
OSV
added 2023/03/30 6:27 p.m., 20 views

CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...

CVSS 9, AI score 8.7, EPSS 0.04176
Exploits 2, References 4
ATTACKERKB
added 2022/10/28 9:15 p.m., 2 views

CVE-2022-43284

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...

CVSS 7.5, AI score 5.8, EPSS 0.00797
Exploits 1, References 3
NVD
added 2020/08/25 7:15 p.m., 12 views

CVE-2020-16197

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...

CVSS 4.3, AI score 4.5, EPSS 0.00548
Exploits 0, References 3
Cvelist
added 2020/08/25 6:51 p.m., 14 views

CVE-2020-16197

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...

AI score 4.5, EPSS 0.00548
Exploits 0, References 3
CVE
added 2020/08/25 6:51 p.m., 57 views

CVE-2020-16197

CVE-2020-16197 affects Octopus Deploy 3.4. An authorised user can configure a deployment target with an Account or Certificate outside the target’s scope and may use a certificate not in scope. The vulnerability also allows obtaining certificate metadata by associating a certificate with resource...

CVSS 4.3, AI score 4.5, EPSS 0.00548
Exploits 0, References 3, Affected Software 2