Lucene search
K

21 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 3:44 a.m.10 views

CVE-2026-9794 Keycloak: keycloak: information disclosure via saml ecp endpoint

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

5.3CVSS5.7AI score0.00331EPSS
Exploits0References6
OSV
OSV
added 2026/04/10 5:0 p.m.1 views

CVE-2026-22560

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...

5.3CVSS6AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2026/04/02 4:8 p.m.3 views

CVE-2026-33950 signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...

9.4CVSS5.9AI score0.00418EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29796

Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.24.0-beta.4 Description Signal K Server, a server application used in marine navigation systems, contains a privilege escalation issue. An unauthenticated attacker can exploit this to gain full Administrator...

9.4CVSS5.9AI score0.00418EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.4 views

CVE-2026-3263

A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote...

8.8CVSS6.3AI score0.00314EPSS
Exploits1References1
NVD
NVD
added 2026/02/26 10:20 p.m.6 views

CVE-2026-3263

A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote...

8.8CVSS0.00314EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/26 9:32 p.m.20 views

CVE-2026-3263 go2ismail Asp.Net-Core-Inventory-Order-Management-System Security API improper authorization

A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote...

6.5CVSS0.00314EPSS
Exploits1References4
CVE
CVE
added 2026/02/26 9:32 p.m.12 views

CVE-2026-3263

The CVE affects go2ismail Asp.Net-Core-Inventory-Order-Management-System up to version 9.20250118. The vulnerability lies in an unknown functionality within the /api/Security/ of the Security API, where manipulation can lead to improper authorization and remote exploitation. Vendor has not respon...

8.8CVSS5.3AI score0.00314EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-50860

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00153EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/03 1:11 p.m.15 views

CVE-2023-46669

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or ha...

6.2CVSS6.3AI score0.00153EPSS
Exploits0References3
NVD
NVD
added 2025/05/01 1:15 p.m.9 views

CVE-2023-46669

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or ha...

7.1CVSS0.00153EPSS
Exploits0References1
CVE
CVE
added 2025/05/01 12:59 p.m.55 views

CVE-2023-46669

The CVE-2023-46669 issue concerns Elastic Agent and Elastic Security Endpoint where an API key disclosure could expose sensitive information to local unauthorized actors, enabling potential impersonation of Endpoint to the Elastic Stack. Affected components are Elastic Agent and Elastic Security ...

7.1CVSS6.1AI score0.00153EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2025/05/01 12:59 p.m.5 views

CVE-2023-46669 Elastic Agent / Elastic Endpoint Security local API key disclosure

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or ha...

6.2CVSS6.4AI score0.00153EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.6 views

Elastic Agent和Elastic Security Endpoint 安全漏洞

Elastic Agent and Elastic Security Endpoint are both products of the Dutch company Elastic.Elastic Agent is a single agent. Logs, metrics, traces, availability, security and other data can be collected from each host.Elastic Security Endpoint is an Endpoint Detection and Response EDR solution bui...

7.1CVSS5.9AI score0.00153EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.9 views

PT-2025-7112 · Tp Link · Tp-Link Tl-Wr841Nd

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841ND version V11 Description: A buffer overflow issue was discovered via the pskSecret parameter at the "/userRpm/WlanSecurityRpm.htm" API endpoint. This issue allows attackers to cause a Denial of Service DoS via a crafted...

7.8CVSS7.1AI score0.00503EPSS
Exploits1References9
OSV
OSV
added 2023/08/30 5:15 p.m.4 views

CVE-2023-40593

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language SAML request to the /saml/acs REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon...

7.5CVSS5.8AI score0.00487EPSS
Exploits0References2
Huntr
Huntr
added 2022/10/27 1:33 a.m.29 views

User Enumeration

Description The migrate-email endpoint is requiring Email, Username, and Password parameter. The Username parameter value will be queried to userManager.Users and will returning data to user variable, if user variable contain null value, the application will return bad request with "Invalid...

5CVSS2.2AI score0.009EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2020/07/13 12:0 a.m.34 views

CVE-2020-10987

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS9.5AI score0.79673EPSS
In wildExploits2References4
Cvelist
Cvelist
added 2020/02/14 9:29 p.m.28 views

CVE-2019-15594

GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...

4.4AI score0.00815EPSS
Exploits0References2
CNVD
CNVD
added 2016/04/09 12:0 a.m.33 views

Panda Security Endpoint Administration Agent Elevation of Privilege Vulnerability

Panda Security Endpoint Administration Agent is an endpoint administration agent service. An elevation of privilege vulnerability exists in Panda Security Endpoint Administration Agent, which can be exploited by a local attacker to elevate privileges and take control of a host...

7.8CVSS7AI score0.01188EPSS
Exploits3References1
Rows per page
Query Builder