Lucene search
K

162663 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/02 5:12 p.m.7 views

CVE-2026-41577

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS5.7AI score0.00169EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/02 5:12 p.m.30 views

CVE-2026-41577 authentik: SAML source does not validate Conditions, timing, or audience on assertions

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS0.00169EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/02 4:24 p.m.12 views

USN-8372-1: age vulnerability

It was discovered that age did not properly validate plugin names. An attacker could possibly use this issue to cause execution of an arbitrary program by supplying a crafted recipient or identity string...

9.8CVSS5.9AI score0.00472EPSS
Exploits0
OSV
OSV
added 2026/06/02 4:24 p.m.9 views

USN-8372-1 age vulnerability

It was discovered that age did not properly validate plugin names. An attacker could possibly use this issue to cause execution of an arbitrary program by supplying a crafted recipient or identity string...

9.8CVSS5.9AI score0.00472EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 4:16 p.m.18 views

CVE-2026-9590

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...

5.3CVSS0.00184EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 4:16 p.m.18 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS0.00166EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 4:16 p.m.13 views

CVE-2026-34460

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.12 views

CVE-2026-37229

FlexRIC v2.0.0 contains a reachable assertion in e2apcreatepdu triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence e.g., a single 0x00 byte over SCTP to the near-RT RIC port 36421 or iApp port 36422 to crash the process via SIGABRT. The...

7.5CVSS5.8AI score0.00624EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.9 views

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

9.8CVSS5.9AI score0.0031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:38 p.m.7 views

CVE-2026-42073

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter...

6.5CVSS5.8AI score0.00219EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 3:29 p.m.8 views

CVE-2026-34460 NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS5.8AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 3:29 p.m.9 views

EUVD-2026-33960

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS5.8AI score0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 3:29 p.m.41 views

CVE-2026-34460 NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS0.00114EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/02 2:17 p.m.18 views

Important: Red Hat Security Advisory: Red Hat Lightspeed (formerly Insights) for Runtimes security update

An update is now available for Red Hat Lightspeed formerly Insights for Runtimes on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS7.3AI score0.01557EPSS
Exploits1References7
NVD
NVD
added 2026/06/02 2:17 p.m.10 views

CVE-2026-7195

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...

8.8CVSS0.00471EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:7 p.m.6 views

CVE-2026-9590

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 2:7 p.m.12 views

EUVD-2026-33935

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 2:7 p.m.8 views

CVE-2026-9590

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...

5.8AI score0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 2:7 p.m.37 views

CVE-2026-9590

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...

0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 2:3 p.m.13 views

EUVD-2026-33932

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

7.5CVSS5.9AI score0.00402EPSS
Exploits0References2
Rows per page
Query Builder