Lucene search
K

14 matches found

NVD
NVD
added 2026/06/20 1:16 a.m.13 views

CVE-2026-56215

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...

8.7CVSS0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.16 views

PT-2026-51045

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description Authenticated users can modify the mutable public.users.email variable to arbitrary addresses. The SSO provisioning endpoint trusts this value as an account-merge key. This allows an attacker to...

8.7CVSS5.9AI score0.00228EPSS
Exploits0References8
NVD
NVD
added 2026/06/19 2:16 p.m.10 views

CVE-2026-49871

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

9.3CVSS0.00261EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 7:16 p.m.2 views

PYSEC-2026-601

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

8.8CVSS5.8AI score0.00328EPSS
Exploits1References5
NVD
NVD
added 2026/05/28 7:16 p.m.17 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

8.8CVSS0.00328EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.8 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS5.8AI score0.00328EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44465

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 29.0.2 Description A privilege escalation issue exists where an attacker with a member role on a project can escalate their privileges to admin. This is achieved by chaining unrestricted application...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References17
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.28 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS0.00328EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

Authenticator 安全漏洞

Authenticator is an authentication tool developed by Authenticator Extension. Versions of Authenticator prior to 4.16.0 contained a security vulnerability. This vulnerability stemmed from the possibility that the authentication process could be hijacked, allowing attackers to use the identity of...

9.3CVSS5.8AI score0.00265EPSS
Exploits0References2
OSV
OSV
added 2026/01/16 2:16 a.m.5 views

CVE-2025-64729

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

8.2CVSS5.8AI score0.00171EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/16 12:12 a.m.6 views

CVE-2025-64729 AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

8.6CVSS6.5AI score0.00171EPSS
Exploits0References4
CVE
CVE
added 2026/01/16 12:12 a.m.12 views

CVE-2025-64729

The CVE-2025-64729 entry concerns AVEVA Process Optimization. Affected software: Process Optimization with user-authenticated access (OS Standard User). The documented vulnerability allows an authenticated attacker to tamper with Process Optimization project files, embed code, and escalate privil...

8.6CVSS6.5AI score0.00171EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2025/04/17 2:32 p.m.4 views

elytron-oidc-client: OIDC Authorization Code Injection

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...

4.2CVSS5.8AI score0.00248EPSS
Exploits0References8
hivepro
hivepro
added 2022/02/07 2:23 p.m.21 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

0.1AI score
Exploits0
Rows per page
Query Builder