CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/11 8:3 p.m.•7 views

CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass

9CVSS5.3AI score0.00131EPSS

Cvelist•added 2026/06/11 8:3 p.m.•28 views

CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass

9CVSS0.00131EPSS

Cloud Foundry•added 2026/06/11 12:0 a.m.•5 views

CVE-2026-41005 - UAA accepts SAML Encrypted Assertions authentication bypass | Cloud Foundry

Severity CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 9.0 / Critical CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H 9.5 / Critical Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v2.0.0 through v78.13.0 incorrectly treated XML encryption to the Service...

9CVSS5.4AI score0.00131EPSS

CNNVD•added 2026/06/11 12:0 a.m.•18 views

Cloud Foundry UAA和CloudFoundry CF Deployment 数据伪造问题漏洞

Cloud Foundry UAA is an identity verification and management service terminal developed by the Cloud Foundry Foundation in the United States, and it is used on the CloudFoundry platform. CloudFoundry CF Deployment is a code deployment component provided by the Cloud Foundry Foundation. Versions o...

9CVSS5.4AI score0.00131EPSS

RedhatCVE•added 2026/06/05 7:13 p.m.•8 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.4AI score0.00346EPSS

NVD•added 2026/06/04 3:16 a.m.•7 views

CVE-2026-41860

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

8.8CVSS0.00074EPSS

ATTACKERKB•added 2026/06/04 1:40 a.m.•4 views

CVE-2026-41860

8.8CVSS5.8AI score0.00074EPSS

Exploits0References2

Positive Technologies•added 2026/06/04 12:0 a.m.•9 views

PT-2026-46134

Name of the Vulnerable Software and Affected Versions BOSH versions prior to 282.1.9 Description An issue in BOSH allows a local attacker to perform Man-in-the-Middle MITM attacks to steal Basic-auth credentials or redirect UAA token requests. This occurs because the create async endpoint and sen...

8.8CVSS5.5AI score0.00074EPSS

Exploits0References5

NVD•added 2026/06/01 10:16 p.m.•13 views

CVE-2026-40965

10CVSS0.00346EPSS

CVE•added 2026/06/01 9:22 p.m.•47 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0–v78.12.0 expose EC private keys via the public /token_keys endpoint, enabling private key disclosure for EC-based JWT signing. Affected components: uaa_release (v76.12.0–v78.12.0) and CF Deployment (v30.0.0–v56.0.0). Root cause: misexposure of EC private key ma...

Cvelist•added 2026/06/01 9:22 p.m.•27 views

CVE-2026-40965

10CVSS0.00346EPSS

ATTACKERKB•added 2026/06/01 9:22 p.m.•9 views

CVE-2026-40965

Exploits0References2Affected Software2

Cloud Foundry•added 2026/06/01 12:0 a.m.•5 views

CVE-2026-41859 - Missing TLS in NATS sync | Cloud Foundry

CVSS Score: High 7.1 CVSSv4: High 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H CVSSv3: High 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Vendor Cloudfoundry Foundation / BOSH Versions Affected Severity is High unless otherwise noted. BOSH – All versions prior to v282.1....

7.8CVSS5.8AI score0.00098EPSS

Cloud Foundry•added 2026/06/01 12:0 a.m.•4 views

CVE-2026-41860 - Missing tls-verify on bosh-monitor | Cloud Foundry

High CVSS Score: High 7.1 CVSSv4: High 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H CVSSv3: High 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HVendor Cloud Foundry Foundation / BOSH Versions Affected Severity is High unless otherwise noted. BOSH – All versions prior to...

8.8CVSS5.8AI score0.00074EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•12 views

PT-2026-45616

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions v76.12.0 through v78.12.0 CF Deployment versions v30.0.0 through v56.0.0 Description Private key exposure occurs when the server inadvertently reveals Elliptic Curve EC private keys through the public '/token keys'...

CNNVD•added 2026/06/01 12:0 a.m.•8 views

Exploits0References8

Cloud Foundry UAA 安全漏洞

Cloud Foundry UAA is an identity verification and management service terminal designed for the CloudFoundry platform by the Cloud Foundry Foundation in the United States. There is a security vulnerability in Cloud Foundry UAA, which stems from the exposure of private keys. This vulnerability may...

10CVSS5.3AI score0.00346EPSS

Cloud Foundry•added 2026/05/14 12:0 a.m.•3 views

CVE-2026-40965 - UAA EC Private Key Disclosure via token_keys JSON Response | Cloud Foundry

10.0 / Critical CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L 10.0 / Critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contain...

vulnersOsv•added 2026/05/05 6:33 p.m.•6 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-5766 via django (>=5.2.0 <=5.2.13)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-5766 Source advisory: OSV:GHSA-W26R-RMM8-9C29...

6.3CVSS5.4AI score0.00423EPSS

vulnersOsv•added 2026/04/07 3:30 p.m.•8 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-3902 via django (>=5.2.0 <=5.2.12)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-3902 Source advisory: OSV:GHSA-MVFQ-GGXM-9MC5...

7.5CVSS5.4AI score0.00436EPSS