CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

CVE-2026-6673 Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS0.00177EPSS

Exploits0References1

Positive Technologies•added 5 days ago•10 views

PT-2026-51316

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description Remote unauthenticated attackers can inject a rogue sharedSecret and disrupt the Jira integration. This occurs during the...

6.4CVSS5.8AI score0.00177EPSS

Exploits0References6

VulnCheck KEV•added 2023/11/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS7AI score0.30921EPSS

Exploits3References1

OSV•added 2021/05/18 6:22 p.m.•35 views

GHSA-2RMP-FW5R-J5QV Improper Authentication in InfluxDB

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS9.5AI score0.30921EPSS

Exploits3References8

Github Security Blog•added 2021/05/18 6:22 p.m.•55 views

Improper Authentication in InfluxDB

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS9.1AI score0.30921EPSS

Exploits3References8Affected Software1

GithubExploit•added 2021/04/28 4:25 p.m.•236 views

Exploit for Improper Authentication in Influxdata Influxdb

InfluxDB Exploit CVE-2019-20933 Exploit for InfluxDB CVE-2019...

9.8CVSS0.5AI score0.30921EPSS

Exploits3

NVD•added 2020/11/19 2:15 a.m.•25 views

CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS9.7AI score0.30921EPSS

Exploits3References5

Prion•added 2020/11/19 2:15 a.m.•12 views

Authentication flaw

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

7.5CVSS9.4AI score0.30921EPSS

Exploits3References5Affected Software2

UbuntuCve•added 2020/11/19 2:15 a.m.•39 views

CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS6.9AI score0.30921EPSS

Exploits3References5

CVE•added 2020/11/19 1:50 a.m.•253 views

CVE-2019-20933

InfluxDB before 1.7.6 contains an authentication bypass in the authenticate function (services/httpd/handler.go) where a JWT token may carry an empty SharedSecret. This can allow an attacker to bypass authentication and gain unauthorized access, potentially enabling data modification or administr...

9.8CVSS9.4AI score0.30921EPSS

In wildExploits3References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by