Lucene search
K

377 matches found

Github Security Blog
Github Security Blog
added 2026/05/19 9:31 a.m.11 views

Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

4.3CVSS5.7AI score0.00392EPSS
Exploits0References12Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/19 5:9 a.m.17 views

CVE-2026-8830

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

4.3CVSS5.7AI score0.00392EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/18 3:39 p.m.16 views

CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule

Summary The custom htmlpurify validation rule used to sanitize blog post bodies relies on by-reference mutation ?string &$str, but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes $lanData'content' directly into...

5.7AI score0.00029EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-40977

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the chatflow update endpoint. This occurs when an application takes user-provided data and applies it to an internal object without sufficient filtering, allowing...

8.1CVSS5.5AI score0.00268EPSS
Exploits1References7
CVE
CVE
added 2026/05/13 4:9 p.m.14 views

CVE-2026-2695

The CVE-2026-2695 entry affects TeamViewer DEX Platform On-Premises (formerly 1E DEX Platform On-Premises) up to version 9.2. The root cause is improper input validation in instruction input, enabling authenticated users with at least questioner privileges to inject commands in specific instructi...

6.3CVSS5.9AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 3:24 p.m.44 views

CVE-2026-42613 Grav: Privilege Escalation via Missing Server-Side Validation of groups/access

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enabled and groups or access are included in the...

9.4CVSS0.00939EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 5:18 p.m.13 views

MCP Registry vulnerable to stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`

Summary The public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published server.json. Server-side validation in internal/validators/validators.go validateWebsiteURL only checks that the...

5.4CVSS5.7AI score0.00167EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/05/07 3:23 a.m.44 views

CVE-2026-41890 CI4MS: Arbitrary Database Table Drop via Theme deleteProcess

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...

6.9CVSS0.00344EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 9:26 p.m.20 views

GHSA-PXM6-MHXR-Q4MJ Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access

Bug Report: Registration Privilege Escalation via Missing Server-Side Validation of groups/access Summary The Login::register method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enable...

9.4CVSS5.8AI score0.00939EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/05 9:26 p.m.21 views

Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access

Bug Report: Registration Privilege Escalation via Missing Server-Side Validation of groups/access Summary The Login::register method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enable...

9.4CVSS5.8AI score0.00939EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.17 views

PT-2026-37279

Name of the Vulnerable Software and Affected Versions Grav version 1.8.0-beta.29 Login Plugin versions prior to 3.8.2 Description A missing server-side validation issue exists in the Login::register function of the Login plugin. When user registration is enabled and the groups or access fields ar...

9.4CVSS6.5AI score0.00939EPSS
Exploits0References7
OSV
OSV
added 2026/04/25 11:48 p.m.6 views

GHSA-C4QG-J8JG-42Q5 OpenClaw: QQBot direct media upload skipped URL SSRF validation

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The QQBot direct-upload media path could forward attacker-controlled image URLs without applying the SSRF validation used by the local download path. This could make configured...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34802

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...

9.2CVSS5.7AI score0.00518EPSS
Exploits0References5
OSV
OSV
added 2026/04/16 9:44 p.m.7 views

GHSA-48M6-CH88-55MJ Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association

Summary An improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objects during account creation. This enables client-controlled manipulation of ownership metadata,...

8.1CVSS5.8AI score0.00334EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/10 3:55 p.m.4 views

CVE-2026-35594 Vikunja Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication GetLinkShareFromClaims in pkg/models/linksharing.go constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner delet...

6.5CVSS5.7AI score0.00268EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/10 3:55 p.m.30 views

CVE-2026-35594 Vikunja Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication GetLinkShareFromClaims in pkg/models/linksharing.go constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner delet...

6.5CVSS0.00268EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/10 3:31 p.m.8 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:31 p.m.9 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/10 3:31 p.m.12 views

Vikunja: Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

Title Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade Description Vikunja's link share authentication constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner deletes a link share or...

6.5CVSS5.8AI score0.00268EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-31945

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description Vikunja's link share authentication constructs authorization objects entirely from JWT claims without server-side database validation. When a project owner deletes a link share or downgrades its...

6.5CVSS5.7AI score0.00268EPSS
Exploits1References10
Rows per page
Query Builder