Lucene search
K

9 matches found

NVD
NVD
added 2026/06/12 10:16 a.m.10 views

CVE-2026-50634

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption that accepted Content-Type or protected HTTP-header metadata came from a verified...

6.5CVSS0.00278EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 9:5 a.m.10 views

EUVD-2026-36402

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption that accepted Content-Type or protected HTTP-header metadata came from a verified...

6.5CVSS5.2AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48853

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption that accepted Content-Type or protected HTTP-header metadata came from a verified...

5.2AI score0.00278EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 10:16 p.m.19 views

CVE-2026-8240

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

6.3CVSS0.00195EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42562

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Unauthenticated users can access page metadata on any page that has a configured summary template. This allows for the disclosure of private, draft, and restricted pages, leaking information suc...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Tainacan plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability

Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability discovered by Deadbee - NA in WordPress Plugin Tainacan versions = 1.0.1...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2025/12/23 12:30 p.m.39 views

Improper Authentication

github.com/edgelesssys/contrast is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated LUKS2 volume metadata and support for null key-encryption algorithms, which allows an attacker to craft a malicious volume that opens with any passphrase and captures all written...

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/09/12 1:1 p.m.2 views

CVE-2025-59054 dstack has insecure LUKS2 persistent storage partitions that may be opened and used

dstack is a software development kit SDK to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious host may provide a crafted LUKS2 data volume to a dstack CVM for use as the /data mount. The guest will open t...

8.5CVSS6.5AI score0.00159EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/06/05 12:0 a.m.15 views

The vulnerability of Thunderbolt devices’ microcontrollers lies in the ability to load metadata from an unauthenticated device. This allows a hacker to gain direct access to the memory of computing devices connected to Thunderbolt interfaces.

The vulnerability of Thunderbolt devices’ microcontrollers relates to the ability to load metadata from an unauthenticated device. Exploiting this vulnerability can allow a hacker to gain direct access to the memory of the computing device, which is connected to Thunderbolt devices...

7.6CVSS5.5AI score
Exploits0References3Affected Software1
Rows per page
Query Builder