Lucene search
+L

118 matches found

NVD
NVD
added yesterday7 views

CVE-2026-16104

A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys,...

4.3CVSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-45226

A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys,...

4.3CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-16104

CVE-2026-16104 affects the authentication configuration endpoint in the Keycloak services used by Red Hat Build of Keycloak. The underlying issue is that the system does not mask sensitive configuration values (e.g., reCAPTCHA secrets) when requested by administrators with view-only permissions, ...

4.3CVSS5.4AI score
Exploits0References2
Cvelist
Cvelist
added yesterday18 views

CVE-2026-16104 Keycloak-services: keycloak-services: authenticator config endpoint exposes raw recaptcha secrets to view-only admins

A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys,...

4.3CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-16104

A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys,...

4.3CVSS4.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60800

A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys,...

4.3CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added 2026/07/08 1:30 p.m.5 views

EUVD-2026-42239

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6AI score0.0022EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/26 11:10 p.m.9 views

Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors

Impact The Live Preview endpoint for existing entries and terms only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareab...

3.5CVSS5.7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 11:10 p.m.5 views

GHSA-7MQQ-4V55-88GH Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors

Impact The Live Preview endpoint for existing entries and terms only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareab...

3.5CVSS5.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53029

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.74.0 Statamic versions prior to 6.20.3 Description The Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only verifies view authorization but accepts and renders...

3.5CVSS5.3AI score
Exploits0References7
NVD
NVD
added 2026/06/01 5:17 p.m.17 views

CVE-2026-45154

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS0.00189EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:37 p.m.11 views

EUVD-2026-33673

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 4:37 p.m.33 views

CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 4:37 p.m.13 views

CVE-2026-45154 Nextcloud: Improper Access Control in Collectives

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45470

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:6 p.m.6 views

CVE-2026-8347

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/22 2:6 p.m.34 views

CVE-2026-8347

The CVE-2026-8347 entry affects Concrete CMS 9.5.0 and earlier, where the Express association Reorder dialog is vulnerable to IDOR and wrong-authorization-level handling, enabling cross-entity state tampering under view-only permissions. The issue is triggered by reliance on Express entity orderi...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 2:6 p.m.8 views

CVE-2026-8347 Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

2.3CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 2:6 p.m.13 views

EUVD-2026-31442

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 2:6 p.m.35 views

CVE-2026-8347 Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

2.3CVSS0.00175EPSS
Exploits0References1
Rows per page
Query Builder