Lucene search
K

64 matches found

CVE
CVE
added yesterday19 views

CVE-2026-15075

CVE-2026-15075 affects Eclipse Vert.x up to 4.5.29 (4.x) and 5.1.4 (5.x). The DefaultRedirectHandler in vertx-core forwards all request headers across cross-origin HTTP 30x redirects, stripping only Content-Length. No origin check is performed before copying headers to the redirect target. This a...

8.2CVSS6.2AI score0.00154EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/02 11:16 a.m.11 views

CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS0.00128EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 10:30 a.m.38 views

CVE-2026-54430 Server-Site Request Forgery in liboauth2

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:11 p.m.5 views

CVE-2026-54673

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...

8.2CVSS5.7AI score0.00235EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/06/30 10:11 p.m.5 views

CVE-2026-54673 electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...

8.2CVSS5.8AI score0.00235EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 10:11 p.m.17 views

CVE-2026-54673

The CVE affects electron-updater (builder-util-runtime component) prior to version 9.7.0. The root cause is that HttpExecutor.prepareRedirectUrlOptions only stripped a credential header named exactly the lowercase string “authorization.” Other credential-bearing headers, notably PRIVATE-TOKEN and...

8.2CVSS5.7AI score0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 12:0 a.m.3 views

CVE-2026-50889

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...

7.5CVSS6AI score0.00482EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49330

Name of the Vulnerable Software and Affected Versions LLDAP version 0.6.2 Description An input handling flaw in the HTTP refresh token process allows attackers to cause a Denial of Service DoS, which is a condition where a service becomes unavailable to its intended users, by sending a crafted...

7.5CVSS5.9AI score0.00482EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:12 p.m.10 views

CVE-2026-41448

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 4:12 p.m.35 views

CVE-2026-41448

CVE-2026-41448 affects AdGuard Home when started with --glinet. The vulnerability stems from unsanitized path construction in the authglinet middleware, enabling an authentication bypass via a crafted path traversal sequence in the Admin-Token cookie/header, yielding unauthenticated full admin ac...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 2:13 p.m.2 views

CVE-2026-35672 phpMyFAQ - Authentication Bypass via Empty API Token

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS6AI score0.00384EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:13 p.m.7 views

CVE-2026-35672

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44383

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the default empty value of api.apiClientToken in API v4.0, which allowed unverified users to create...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 7:7 p.m.9 views

GO-2026-4988 DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header in github.com/l3montree-dev/devguard

DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...

9.3CVSS5.8AI score0.00257EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 3:46 p.m.8 views

GHSA-GP95-J463-VV28 phpMyFAQ: Default Empty API Token Authentication Bypass

Summary A default empty API client token allows any unauthenticated user to create and modify FAQ entries, categories, and questions via the REST API. The vulnerability exists in all versions since API v4.0 was introduced because the installation process seeds api.apiClientToken with an empty...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/20 3:46 p.m.16 views

phpMyFAQ: Default Empty API Token Authentication Bypass

Summary A default empty API client token allows any unauthenticated user to create and modify FAQ entries, categories, and questions via the REST API. The vulnerability exists in all versions since API v4.0 was introduced because the installation process seeds api.apiClientToken with an empty...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.18 views

PT-2026-42374

DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...

9.3CVSS5.8AI score0.00257EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.8 views

CVE-2026-42300

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

9.3CVSS5.8AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.12 views

CVE-2026-42300

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

9.3CVSS0.00257EPSS
Exploits0References2
Rows per page
Query Builder