
6 matches found

NVD
added 2026/06/04 3:16 a.m., 8 views

CVE-2026-41860

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

CVSS 8.8, EPSS 0.00074
Exploits: 0, References: 1
Positive Technologies
added 2026/06/04 12:0 a.m., 11 views

PT-2026-46134

Name of the Vulnerable Software and Affected Versions: BOSH versions prior to 282.1.9. Description: An issue in BOSH allows a local attacker to perform Man-in-the-Middle (MITM) attacks to steal Basic-auth credentials or redirect UAA token requests. This occurs because the create async endpoint and sen...

CVSS 8.8, AI score 5.5, EPSS 0.00074
Exploits: 0, References: 5
OSV
added 2020/11/11 5:15 p.m., 4 views

CVE-2020-5426

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 9.8, AI score 5.8, EPSS 0.00699
Exploits: 0, References: 1
Cvelist
added 2020/11/11 5:5 p.m., 19 views

CVE-2020-5426 Scheduler for TAS can transmit privileged UAA token in plaintext

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 8.6, AI score 9.4, EPSS 0.00699
Exploits: 0, References: 1
Cloud Foundry
added 2018/12/10 12:0 a.m., 18 views

CVE-2018-15754: UAA issues tokens across identity providers if users with matching usernames exist

Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: UAA release: versions v60 prior to v66.0. Description: Cloud Foundry UAA, versions v60 prior to v66.0, contain an authorization logic error. In environments with multiple identity providers that contain...

CVSS 8.8, AI score 6.1, EPSS 0.01782
Exploits: 0
vulnersOsv
added 2018/10/19 10:0 p.m., 5 views

br.com.anteros:Anteros-Keycloak (=1.0.0), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +57 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.2.0.RELEASE <=2.2.2.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.2.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =1.0.0, =1.0.0, =3.3.2, =4.0.1 - com.ge.research.semtk:springSecurityLibrary =2.2.2 -...

CVSS 9.6, AI score 7.2, EPSS 0.02153
Exploits: 0