Lucene search
+L

125 matches found

Cvelist
Cvelist
added 4 days ago39 views

CVE-2026-55652 Wekan: Header-login IP allowlist bypass via X-Forwarded-For spoofing in Wekan allows unauthenticated full account takeover (incl. admin)

Wekan is open source kanban built with Meteor. Prior to 9.46, header-login with HEADERLOGINTRUSTEDIPS uses getRequestIp in server/lib/headerLoginAuth.js to trust the client-supplied X-Forwarded-For header before the real socket address, allowing an unauthenticated attacker to send HEADERLOGINID f...

9.8CVSS0.00355EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-55652 Wekan: Header-login IP allowlist bypass via X-Forwarded-For spoofing in Wekan allows unauthenticated full account takeover (incl. admin)

Wekan is open source kanban built with Meteor. Prior to 9.46, header-login with HEADERLOGINTRUSTEDIPS uses getRequestIp in server/lib/headerLoginAuth.js to trust the client-supplied X-Forwarded-For header before the real socket address, allowing an unauthenticated attacker to send HEADERLOGINID f...

9.8CVSS6.1AI score0.00355EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago13 views

PT-2026-60395

Name of the Vulnerable Software and Affected Versions Zoom Clients for Windows affected versions not specified Description A time-of-check to time-of-use TOCTOU race condition occurs during the installation and uninstallation process. This flaw allows an authenticated local user to escalate...

7CVSS6.2AI score0.00093EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Zoom Workplace < 7.0.0 Vulnerability (ZSB-26014)

The version of Zoom Workplace installed on the remote host is prior to 7.0.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-26014 advisory. - Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may...

9.8CVSS5.7AI score0.00508EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 3:16 p.m.10 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 2:8 p.m.31 views

CVE-2026-12986

Technical details are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6.6AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 2:8 p.m.37 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:8 p.m.8 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS6.6AI score0.00181EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/17 10:54 a.m.11 views

CVE-2026-46902

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite component: Core. Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise...

9.8CVSS0.00473EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.10 views

CVE-2026-46797

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.8CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.17 views

CVE-2026-46773

Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware component: OUD Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Unified...

9.8CVSS0.00518EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.14 views

CVE-2026-35300

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise WebLogic...

9.8CVSS0.00565EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.13 views

CVE-2026-35302

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebLogic Server. Successfu...

8.3CVSS0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49873

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 Oracle Fusion Middleware WebLogic Server versions 14.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. This flaw allows an unauthenticated attacker...

8.3CVSS5.9AI score0.00301EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-50025

Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel CRM Cloud Applications versions 17.0 through 26.5 Description An issue exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications. An unauthenticated attacker with network access via HTTP can...

9.8CVSS5.8AI score0.00362EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.29 views

PT-2026-49940

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware Identity Manager version 12.2.1.4.0 Oracle Fusion Middleware Identity Manager version 14.1.2.1.0 Description An issue exists in the OIM Legacy UI component of the Identity Manager product. An unauthenticated attacker...

9.8CVSS5.9AI score0.00518EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-49988

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. This flaw allows an unauthenticated attacker with network access via JDENET ...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49953

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Security Framework component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. This flaw allows an...

9.8CVSS5.8AI score0.00474EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 4:16 p.m.12 views

CVE-2026-50083

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.8CVSS0.00364EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/12 3:0 p.m.14 views

EUVD-2026-36473

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS5.3AI score0.00364EPSS
Exploits2References2
Rows per page
Query Builder