
9 matches found

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2020-18660

Malware in sbrugna...

9.8 CVSS · 9.2 AI score · 0.01334 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 3:23 p.m. · 9 views

CVE-2020-26030

An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users...

9.8 CVSS · 6.9 AI score · 0.01334 EPSS
Exploits 0
Positive Technologies
added 2022/09/22 12:0 a.m. · 4 views

PT-2022-6406 · NetGear · Netgear Cax30

Name of the Vulnerable Software and Affected Versions: NETGEAR CAX30S (affected versions not specified); NETGEAR CAX30 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR routers...

8.8 CVSS · 7.5 AI score · 0.01144 EPSS
Exploits 0 · References 7
Prion
added 2021/09/07 12:15 p.m. · 12 views

Information disclosure

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information...

5.5 CVSS · 7.9 AI score · 0.00948 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2020/12/28 8:15 a.m. · 19 views

CVE-2020-26030

An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users...

9.8 CVSS · 6.8 AI score
Exploits 0 · References 1
CVE
added 2020/12/28 7:57 a.m. · 56 views

CVE-2020-26030

CVE-2020-26030 affects Zammad prior to 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header when SSO is not configured, allowing an attacker to create a valid authenticated session and perform actions in the name of other users. The description is corroborated across ...

9.8 CVSS · 9.2 AI score · 0.01334 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2019/11/26 12:0 a.m. · 4 views

PT-2019-14652 · Pegasystems · Pega Platform

Name of the Vulnerable Software and Affected Versions: PEGA Platform version 8.3.0. Description: The issue allows a low-privilege account to perform actions and retrieve data that should only be accessible to an administrator. This can be achieved by sending a direct request to the "prweb/sso/rand...

8.1 CVSS · 6.5 AI score · 0.01045 EPSS
Exploits 1 · References 3
Positive Technologies
added 2019/11/26 12:0 a.m. · 6 views

PT-2019-14651 · Pegasystems · Pega Platform

Name of the Vulnerable Software and Affected Versions: PEGA Platform versions 7.x through 8.x. Description: The issue allows for information disclosure via a direct request to /prweb/sso/random token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random harness id to obtain database sche...

4.3 CVSS · 6.2 AI score · 0.00783 EPSS
Exploits 1 · References 3
Into the symmetry
added 2017/05/30 8:36 a.m. · 30 views

Cross-origin brute-forcing of Github SAML and 2FA recovery codes

Yesterday while reading my Twitter stream I found this interesting article about downloading GitHub SSO bypass codes. Same as Yasin Soliman I was invited to a Github pre-release of the organisation SAML single sign-on SSO private program. And same as him I found an issue in the same endpoint. So ...

7.2 AI score
Exploits 0