Lucene search
K

7 matches found

CVE
CVE
added 2026/06/12 8:56 a.m.50 views

CVE-2026-50628

CVE-2026-50628 concerns Apache CXF’s OAuthRequestFilter, where a logic error creates an inverted IP binding check: legitimate requests from the bound IP are rejected while requests from other IPs are allowed. Red Hat’s advisory attributes this to the OAuthRequestFilter component of CXF and notes ...

9.8CVSS5.3AI score0.00668EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/12 8:52 a.m.3 views

CVE-2026-50623 Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

4.8CVSS5.9AI score0.00371EPSS
Exploits0References5
OSV
OSV
added 2026/05/12 8:35 a.m.3 views

CVE-2026-8159 multiparty vulnerable to ReDoS via filename parsing

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.5 views

PT-2024-5584

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.14 Django versions 5.0 through 5.0.7 Description The issue is related to SQL injection in the QuerySet.values and values list methods on models with a JSONField. This vulnerability can be exploited by passing a...

10CVSS6.8AI score0.01227EPSS
Exploits0References170
Positive Technologies
Positive Technologies
added 2024/07/05 12:0 a.m.7 views

PT-2024-6068

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.13 Django versions 5.0 through 5.0.6 Description The issue is related to the get supported language variant function in Django, which can be subject to a potential denial-of-service attack when used with very lo...

8.7CVSS6.7AI score0.28637EPSS
Exploits0References156
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.4 views

PT-2024-21635

Name of the Vulnerable Software and Affected Versions Flask-AppBuilder versions 4.1.4 through 4.2.0 Description A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page, whic...

6.1CVSS6.2AI score0.00567EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.5 views

PT-2024-18997 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0 Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Authenticated users could inject code into algorithm...

8.8CVSS8.8AI score0.01266EPSS
Exploits0References10
Rows per page
Query Builder