Lucene search
K

10 matches found

CVE
CVE
added 2026/06/12 9:56 p.m.22 views

CVE-2026-53830

OpenClaw prior to 2026.4.22 is affected by a webhook secret revocation bypass. The vulnerability lets callers with old Slack/Zalo webhook secrets remain active after secrets.reload, enabling delivery of webhook events during the stale-secret window and potentially accepting previous credentials. ...

6.5CVSS5.3AI score0.00207EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

UDS Identity Config 安全漏洞

UDS Identity Config is a Keycloak configuration image building tool developed by Defense Unicorns. Versions 0.11.0 to 0.26.0 of UDS Identity Config contain security vulnerabilities. These vulnerabilities stem from logical errors in the client-kubernetes-secret Keycloak authentication handler. Thi...

10CVSS5.4AI score0.00341EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/04 2:37 p.m.20 views

Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret

Impact The DynamicClientRegistrationControllerregister action hard-codes confidential: false when creating applications dynamicclientregistrationcontroller.rb:18-25, yet the response includes a clientsecret and advertises tokenendpointauthmethodssupported: "clientsecretbasic", "clientsecretpost"...

5.8AI score0.00058EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.10 views

RHCOS 4 : Red Hat build of MicroShift 4.16.0 (RHSA-2024:0043)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0043 advisory. - kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin CVE-2024-3177 -...

7.5CVSS6.8AI score0.02224EPSS
Exploits1References21
OSV
OSV
added 2026/03/25 6:9 p.m.4 views

CVE-2026-33722 n8n Has External Secrets Authorization Bypass in Credential Saving

n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the...

7.3CVSS5.8AI score0.0026EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.4 views

SUSE CVE-2010-4252

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol...

7.5CVSS7AI score0.08076EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.3 views

SUSE CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a...

9.8CVSS6.8AI score0.04242EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.3 views

API Mediation Layer 授权问题漏洞

The API Mediation Layer is an API mediation layer that provides a single access point to the Mainframe Services REST API. A security vulnerability exists in API Mediation Layer versions 1.16 through 1.19. An attacker exploiting this vulnerability could manipulate JWT tokens without knowing the JW...

5.3CVSS5.8AI score0.00442EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/08/04 12:0 a.m.29 views

RedHat Update for pki-core RHSA-2017:2335-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01458EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2012/05/21 4:28 p.m.6 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

5CVSS6.1AI score0.0854EPSS
Exploits0References4
Rows per page
Query Builder