10 matches found

AlpineLinux
added 2026/06/09 4:3 p.m. · 8 views

CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to t...

5.3 CVSS · 5.7 AI score · 0.00262 EPSS
Exploits 0
RedhatCVE
added 2026/06/04 12:13 a.m. · 12 views

CVE-2026-43000

A flaw was found in OpenStack Keystone. An attacker with a member role on a project can escalate their privileges to an administrator role. This is achieved by combining an application credential impersonation vulnerability with the misuse of Keystone trusts. The system incorrectly validates...

8.8 CVSS · 5.7 AI score · 0.00328 EPSS
Exploits 1 · References 5
Github Security Blog
added 2026/05/08 5:2 p.m. · 46 views

MCP Registry has open redirect via protocol-relative path in trailing-slash middleware

Summary: The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path (e.g., //evil.com/) that, after trailing slash removal, results in a Location header of //evil.com, which browsers interpret as an...

5.8 AI score · 0.00409 EPSS
Exploits 0 · References 6 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-25339

Malicious code in bioql PyPI...

5.1 CVSS · 6.6 AI score · 0.00296 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/08/22 3:35 p.m. · 8 views

CVE-2025-55751

OnboardLite is the result of the Influx Initiative, our vision for an improved student organization lifecycle at the University of Central Florida. An attacker can craft a link to the trusted application that, when visited, redirects the user to a malicious external site. This enables phishing,...

5.1 CVSS · 7.1 AI score · 0.00296 EPSS
Exploits 0 · References 1
CVE
added 2025/08/20 3:31 p.m. · 19 views

CVE-2025-55751

CVE-2025-55751 : OnboardLite contains an open redirect endpoint where an attacker can craft a link to the trusted application that, when visited, redirects users to a malicious external site. This enables phishing, credential theft, malware delivery, and trust abuse. The described root cause is i...

5.1 CVSS · 6.5 AI score · 0.00296 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/20 12:0 a.m. · 12 views

PT-2025-34076 · Unknown · Onboardlite

Name of the Vulnerable Software and Affected Versions: OnboardLite versions with commit hash 6cca19e or later. Description: An attacker can manipulate a link to the trusted application, redirecting users to a malicious external site upon access. This enables phishing, credential theft, malware...

5.1 CVSS · 6 AI score · 0.00296 EPSS
Exploits 0 · References 5
Hacker One
added 2018/09/14 5:22 a.m. · 15 views

Shopify: SSRF in hatchful.shopify.com

This vulnerability is similar to https://hackerone.com/reports/156877, which I found in the old version of your logo creator. During the logo-creation process the user can select a logo in the WYSIWYG editor, then enter an email address and wait. At this moment the server sends a large amount of data to the user's browser...

1.2 AI score
Exploits 0
securityvulns
added 2006/09/29 12:0 a.m. · 30 views

SAP Internet Transaction Server XSS vulnerability

Vulnerability class: Cross-Site Scripting · Discovery date: 13 September 2006 · Remote: Yes · Credit: ILION Research Labs · Vulnerable: SAP ITS · Vulnerable version: Versions 6.1 and 6.2 have been found to be vulnerable. Other versions might be too. An XSS (Cross-Site Scripting) vulnerability has been...

0.2 AI score
Exploits 0
securityvulns
added 2006/03/21 12:0 a.m. · 28 views

XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)

Vulnerability class: Cross-Site Scripting · Discovery date: 2nd of February 2006 · Remote: Yes · Local: No · Credit: ILION Research Labs, Geneva Switzerland · Vulnerable: F5 Firepass 4100 SSL VPN v. 5.4.2 · An XSS (Cross-Site Scripting) vulnerability has been uncovered in my.support.php3 called through a...

0.4 AI score
Exploits 0