Lucene search
+L

708 matches found

Nuclei
Nuclei
added yesterday71 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7.4AI score0.02572EPSS
Exploits0References2
CVE
CVE
added 5 days ago36 views

CVE-2026-46638

Twig pre-3.26.0 allowed a cached template to bypass SecurityPolicy::checkSecurity() via {% sandbox %}{% include %} without re-checking; the issue is fixed in 3.26.0. Debian advisories extend the fix to 3.27.0 for the stable release. Affected software: Twig PHP template engine; vulnerability invol...

8.1CVSS6.1AI score0.00265EPSS
Exploits0References3Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-49783

CVE-2026-49783 is a Windows Secure Boot issue described as an improperly implemented security check for the standard, enabling a local attacker with low privileges to bypass a security feature. The CVSS v3.1 base score is 7.8 (HIGH) with local attack vector, low attack complexity, no user interac...

7.8CVSS6AI score0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-58157

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description An improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. This issue is particularly critical for server...

7.8CVSS6AI score0.00263EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.6 views

cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: cxf: Unauthorized access due to logic error in OAuthRequestFilter

A flaw was found in the OAuthRequestFilter component of cxf. A logic error in this filter inadvertently creates an inverse security check when enabled. This issue causes legitimate requests from a bound IP address to be rejected, while requests from any other IP address are blindly allowed. This...

9.8CVSS5.9AI score0.00668EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 7:5 a.m.39 views

CVE-2026-12577 DVP80ES3 Improperly Implemented Security Check for Standard vulnerability

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability...

8.7CVSS0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 7:5 a.m.8 views

EUVD-2026-40932

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/01 7:5 a.m.10 views

CVE-2026-12577 DVP80ES3 Improperly Implemented Security Check for Standard vulnerability

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 10:18 p.m.6 views

CVE-2026-41523 vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

7.5CVSS6.5AI score0.00484EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.9 views

CVE-2026-50628

A flaw was found in the OAuthRequestFilter component of cxf. A logic error in this filter inadvertently creates an inverse security check when enabled. This issue causes legitimate requests from a bound IP address to be rejected, while requests from any other IP address are blindly allowed. This...

9.8CVSS4.8AI score0.00668EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/12 7:44 p.m.9 views

CVE-2026-54359 MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default

MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

7.1CVSS5.2AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 7:44 p.m.4 views

CVE-2026-54359 MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default

MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

7.1CVSS5.9AI score0.00189EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/12 8:52 a.m.14 views

CVE-2026-50623 Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

5.3AI score0.00371EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/27 5:34 p.m.10 views

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

3.7CVSS5.9AI score0.00134EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 5:34 p.m.10 views

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

3.7CVSS5.9AI score0.00134EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 5:34 p.m.9 views

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

3.7CVSS5.9AI score0.00134EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 5:34 p.m.8 views

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

3.7CVSS5.9AI score0.00134EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 9:31 p.m.20 views

Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...

8.8CVSS6AI score0.00405EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 9:28 p.m.17 views

Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Description The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded-unwrap-checkSecurity call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...

8.6CVSS5.8AI score0.00833EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/20 9:41 a.m.11 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated % sandbox % include path. An attacker can bypass Twig sandbox restrictions by including a template that was previously loade...

8.1CVSS5.8AI score0.00265EPSS
Exploits0References2
Rows per page
Query Builder