
21 matches found

RedhatCVE
added 2026/06/05 7:48 a.m. | 10 views

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

CVSS 2.7 | AI score 5 | EPSS 0.00348
Exploits: 0 | References: 3

UbuntuCve
added 2026/05/20 10:16 a.m. | 6 views

CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVSS 7.5 | AI score 5.7 | EPSS 0.00815
Exploits: 0 | References: 3

CNNVD
added 2026/04/21 12:0 a.m. | 9 views

Oracle WebLogic Server Security Vulnerability

Oracle WebLogic Server is an application service middleware offered by Oracle Corporation in the United States. It serves both cloud and traditional environments. This product provides a modern, lightweight development platform that supports the entire lifecycle management of applications, from...

CVSS 7.5 | AI score 7.2 | EPSS 0.00331
Exploits: 0 | References: 2

CNNVD
added 2026/04/02 12:0 a.m. | 10 views

Microsoft Bing Security Vulnerability

Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft Bing, which stems from a flaw in Microsoft’s cloud services. Attackers can exploit this vulnerability to gain higher privileges...

CVSS 10 | AI score 5.8 | EPSS 0.00705
Exploits: 0 | References: 1

CNNVD
added 2026/03/25 12:0 a.m. | 11 views

Multiple SHARP Products Access Control Error Vulnerability

Sharp HR02 is a product of Japanese company Sharp. The Sharp HR02 is a home router. The Sharp SH-52B is a wireless local area network connection station. The Sharp SH-54C is also a wireless local area network connection station. Several Sharp products have vulnerabilities related to access contro...

CVSS 6.9 | AI score 6.2 | EPSS 0.00278
Exploits: 0 | References: 2

CNNVD
added 2026/02/09 12:0 a.m. | 7 views

Dell Display and Peripheral Manager Link Following Vulnerability

Dell Display and Peripheral Manager is peripheral management software developed by the American company Dell. Versions of Dell Display and Peripheral Manager prior to version 2.2 had a link following vulnerability. This vulnerability stemmed from improper link resolution in the installer and services...

CVSS 6.6 | AI score 5.8 | EPSS 0.00149
Exploits: 0 | References: 1

OSV
added 2026/01/21 7:16 a.m. | 2 views

UBUNTU-CVE-2025-14559

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

CVSS 6.5 | AI score 5.7 | EPSS 0.00443
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/21 6:13 a.m. | 4 views

CVE-2025-14559 Org.keycloak/keycloak-services: keycloak keycloak-services: business logic flaw allows unauthorized token issuance for disabled users

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

CVSS 6.5 | AI score 5.4 | EPSS 0.00443
Exploits: 0 | References: 4

EUVD
added 2026/01/21 6:13 a.m. | 6 views

EUVD-2026-3686

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

CVSS 6.5 | AI score 5.4 | EPSS 0.00443
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/21 12:0 a.m. | 4 views

PT-2026-3753

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in the keycloak-services component of Keycloak. This issue allows the issuance of access and refresh tokens for disabled users, potentially leading to unauthorized use of...

CVSS 8.5 | AI score 5.4 | EPSS 0.00443
Exploits: 0 | References: 19

Positive Technologies
added 2025/11/11 12:0 a.m. | 4 views

PT-2025-46374

Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework (affected versions not specified). Description: The NVIDIA NeMo Framework contains a flaw within the bert services component. An attacker could craft malicious data that leads to code injection. Exploitation of this issue may...

CVSS 7.8 | AI score 6.7 | EPSS 0.00275
Exploits: 0 | References: 5

Vulnrichment
added 2025/08/26 6:29 p.m. | 2 views

CVE-2025-23312

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure...

CVSS 7.8 | AI score 7.6 | EPSS 0.00224
Exploits: 0 | References: 3

OSV
added 2025/05/13 5:15 p.m. | 2 views

CVE-2025-29968

Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network...

CVSS 6.5 | AI score 7.3 | EPSS 0.01624
Exploits: 0 | References: 1

CNNVD
added 2022/10/14 12:0 a.m. | 3 views

UNISOC chipset Security Vulnerability

UNISOC chipset is an integrated circuit chipset from China's Unisoc Corporation. A security vulnerability exists in UNISOC chipset due to a lack of privilege checking in unit services, which can be exploited by an attacker to cause a local denial of service in the kernel...

CVSS 5.5 | AI score 5.8 | EPSS 0.00083
Exploits: 0 | References: 2

BDU FSTEC
added 2021/08/12 12:0 a.m. | 4 views

The vulnerability of the web component of the Essbase Analytic Provider Services allows a perpetrator to trigger a service failure.

The vulnerability of the Essbase Analytic Provider Services web component is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.3 | EPSS 0.01832
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/06/25 9:15 p.m. | 1 view

CVE-2021-25654

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services...

CVSS 7.8 | AI score 6.3 | EPSS 0.00778
Exploits: 0 | References: 1

BDU FSTEC
added 2021/05/19 12:0 a.m. | 4 views

The vulnerability of the Web Services component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the Web Services component of the Oracle WebLogic Server application server exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through network IIOP and T3...

CVSS 7.1 | AI score 6.4 | EPSS 0.02408
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2019/04/17 12:0 a.m. | 3 views

Oracle WebLogic Server Component Information Disclosure Vulnerability (CNVD-2019-27107)

Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...

CVSS 7.5 | AI score 6.8 | EPSS 0.39263
Exploits: 0 | References: 1

Tenable Nessus
added 2017/04/21 12:0 a.m. | 1624 views

Oracle WebLogic Server Multiple Vulnerabilities (April 2017 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the Apache Struts component due to improper handling of multithreaded access to an ActionForm instance. An unauthenticated, remote attacke...

CVSS 10 | AI score 9 | EPSS 0.99999
Exploits: 53 | References: 11

OSV
added 2016/01/08 9:56 p.m. | 3 views

USN-2866-1 firefox vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...

CVSS 5.9 | AI score 6.6 | EPSS 0.0288
Exploits: 0 | References: 2