Lucene search
K

826 matches found

OSV
OSV
added 2026/05/19 7:42 p.m.4 views

GHSA-G53W-W6MJ-HRPP MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path

Summary The MCP router extproc exposes an initialize-method code path that, when a request carries an mcp-init-host header, bypasses the gateway JWT session validator and rewrites the upstream :authority header to whatever the caller chooses, gated only by a single shared header value router-key...

9.3CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 4:17 p.m.18 views

Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs

Summary Composer leaks the full contents of tokens configured as GitHub OAuth tokens if they do not match Composer's expected format for such tokens to stderr. GitHub has introduced a new format for GitHub Actions GITHUBTOKEN values. These tokens are validated in the same way by Composer on GitHu...

5.7AI score0.00079EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/17 1:16 p.m.17 views

CVE-2018-25327

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

6.9CVSS0.00143EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 12:11 p.m.12 views

EUVD-2018-21847

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

6.9CVSS5.7AI score0.00143EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.40 views

CVE-2018-25327 Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

6.9CVSS0.00143EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.7 views

CVE-2018-25327 Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

6.9CVSS5.7AI score0.00143EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.12 views

PT-2026-41553

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

6.9CVSS5.7AI score0.00143EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/16 1:56 a.m.19 views

CVE-2026-24899

Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not...

8.2CVSS5.8AI score0.00381EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/15 10:15 a.m.15 views

Authentication Bypass

Unity Catalog is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the iss claim in JWT tokens, where the token exchange endpoint dynamically fetches JWKS data based on attacker-controlled issuer values without verifying trusted identity providers, allowing...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/14 9:25 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

8.2CVSS5.5AI score0.00381EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 4:24 p.m.6 views

GHSA-MGQ6-4X29-88R3 Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization

Summary Portainer proxies requests to Kubernetes clusters through a middleware layer kubeClientMiddleware that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missi...

8.1CVSS5.9AI score0.00335EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/14 4:24 p.m.12 views

Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization

Summary Portainer proxies requests to Kubernetes clusters through a middleware layer kubeClientMiddleware that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missi...

8.1CVSS5.9AI score0.00335EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/14 1:13 p.m.9 views

GHSA-FFG9-J72F-J6XM Fleet Windows MDM Azure AD JWT Authentication Bypass

Summary A vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the aud audience or iss issuer claims, any Microsoft-signed...

8.2CVSS5.8AI score0.00381EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.21 views

PT-2026-41142

Name of the Vulnerable Software and Affected Versions portainer-ce versions 2.33.0 through 2.33.7 portainer-ce-agent versions 2.33.0 through 2.33.7 Description An authorization bypass exists in the middleware layer kubeClientMiddleware within the api/http/handler/kubernetes/handler.go file. The...

8.5CVSS5.8AI score0.00335EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

MCP Registry 代码问题漏洞

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.6 contained code-related vulnerabilities. These vulnerabilities stemmed from the OIDC process on both the client and server sides being tied only to a global...

4.7CVSS5.9AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 9:16 p.m.13 views

CVE-2026-42602

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1CVSS0.00222EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 8:12 p.m.38 views

CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1CVSS0.00222EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 8:12 p.m.7 views

CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1CVSS5.8AI score0.00222EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 3:2 p.m.31 views

CVE-2026-44459 Hono: Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

3.8CVSS0.00216EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/13 10:41 a.m.12 views

Generation of Error Message Containing Sensitive Information

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information...

8.6CVSS5.8AI score0.00079EPSS
Exploits0References2
Rows per page
Query Builder