
6 matches found

NVD
added 2 days ago, 5 views

CVE-2026-41860

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper create_async_endpoint and send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

CVSS 8.8, EPSS 0.0001
Exploits: 0, References: 1

Positive Technologies
added 2 days ago, 6 views

PT-2026-46134

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper create_async_endpoint and send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an attacker to intercept traffic between bosh-monitor and the...

CVSS 8.8, AI score 5.8, EPSS 0.0001
Exploits: 0, References: 2

OSV
added 2020/11/11 5:15 p.m., 2 views

CVE-2020-5426

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 9.8, AI score 5.8, EPSS 0.00179
Exploits: 0, References: 1

Cvelist
added 2020/11/11 5:5 p.m., 13 views

CVE-2020-5426 Scheduler for TAS can transmit privileged UAA token in plaintext

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 8.6, AI score 9.4, EPSS 0.00179
Exploits: 0, References: 1

Cloud Foundry
added 2018/12/10 12:0 a.m., 15 views

CVE-2018-15754: UAA issues tokens across identity providers if users with matching usernames exist | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: UAA release: versions v60 prior to v66.0. Description: Cloud Foundry UAA, versions v60 prior to v66.0, contain an authorization logic error. In environments with multiple identity providers that contain...

CVSS 8.8, AI score 6.1, EPSS 0.00393
Exploits: 0

vulnersOsv
added 2018/10/19 10:0 p.m., 2 views

br.com.anteros:Anteros-Keycloak (=1.0.0), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +57 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.2.0.RELEASE <=2.2.2.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.2.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =1.0.0, =1.0.0, =3.3.2, =4.0.1 - com.ge.research.semtk:springSecurityLibrary =2.2.2 -...

CVSS 9.6, AI score 7.2, EPSS 0.00326
Exploits: 0