
462 matches found

CVE
added 2024/07/30 8:15 a.m. · 96 views

CVE-2023-48396

CVE-2023-48396 concerns an authentication bypass in Apache SeaTunnel (v1.0.0). The underlying issue is a hardcoded JWT secret in the application, enabling an attacker to forge tokens and log in as any user. The secret key can be retrieved from the file path shown in the reports (seatunnel-app/src...

CVSS 9.1 · AI score 6.6 · EPSS 0.00722
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/07/30 12:0 a.m. · 4 views

PT-2024-13610 · Apache · Apache Seatunnel

Name of the Vulnerable Software and Affected Versions: Apache SeaTunnel version 1.0.0
Description: The issue is related to a Web Authentication vulnerability in Apache SeaTunnel, where the JWT key is hardcoded in the application. This allows an attacker to forge any token and log in as any user...

CVSS 9.1 · AI score 8.9 · EPSS 0.00722
Exploits 0 · References 10
NVD
added 2024/07/15 8:15 p.m. · 18 views

CVE-2024-39912

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...

CVSS 5.3 · EPSS 0.00394
Exploits 0 · References 2
OSV
added 2024/07/15 7:38 p.m. · 32 views

CVE-2024-39912 Enumeration of valid usernames in web-auth/webauthn-lib

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...

CVSS 5.3 · AI score 6.8 · EPSS 0.00394
Exploits 0 · References 4
Amazon
added 2024/06/12 12:0 a.m. · 3 views

Important: thunderbird

Issue Overview: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. CVE-2024-4367 If the browser.privatebrowsing.autostart preference is...

CVSS 8.8 · AI score 9.8 · EPSS 0.72648
Exploits 18
RedHat Linux
added 2024/06/10 7:39 p.m. · 3 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

CVSS 6.1 · AI score 7.2 · EPSS 0.00539
Exploits 1 · References 6
RedHat Linux
added 2024/05/23 12:9 p.m. · 5 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

CVSS 6.1 · AI score 7.2 · EPSS 0.00539
Exploits 1 · References 6
RedHat Linux
added 2024/05/20 7:56 a.m. · 6 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

CVSS 6.1 · AI score 7.2 · EPSS 0.00539
Exploits 1 · References 6
RedHat Linux
added 2024/05/20 6:1 a.m. · 8 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

CVSS 6.1 · AI score 7.2 · EPSS 0.00539
Exploits 1 · References 6
RedHat Linux
added 2024/05/20 2:10 a.m. · 4 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

CVSS 6.1 · AI score 7.2 · EPSS 0.00539
Exploits 1 · References 6
RedHat Linux
added 2024/05/20 1:41 a.m. · 5 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

CVSS 6.1 · AI score 7.2 · EPSS 0.00539
Exploits 1 · References 6
RedHat Linux
added 2024/05/16 6:53 p.m. · 4 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

CVSS 6.1 · AI score 7.2 · EPSS 0.00539
Exploits 1 · References 6
RedHat Linux
added 2024/05/16 5:46 p.m. · 7 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

CVSS 6.1 · AI score 7.2 · EPSS 0.00539
Exploits 1 · References 6
NVD
added 2024/04/30 1:15 p.m. · 12 views

CVE-2024-2378

A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations...

CVSS 8 · AI score 7.9 · EPSS 0.00216
Exploits 0 · References 1
Vulnrichment
added 2024/04/30 12:58 p.m. · 6 views

CVE-2024-2378

A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations...

CVSS 8 · AI score 7.1 · EPSS 0.00216
Exploits 0 · References 1
Cvelist
added 2024/04/30 12:58 p.m. · 13 views

CVE-2024-2378

A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations...

CVSS 8 · AI score 8.1 · EPSS 0.00216
Exploits 0 · References 1
CVE
added 2024/04/30 12:58 p.m. · 54 views

CVE-2024-2378

CVE-2024-2378 affects Hitachi Energy SDM600 web-authentication (privilege escalation). Public sources confirm: vulnerable component is the SDM600 web-auth/auth mechanism; exploitation leads to elevated privileges on affected installations. Several advisories reference remediation with a newer SDM...

CVSS 8 · AI score 7 · EPSS 0.00216
Exploits 0 · References 1
Positive Technologies
added 2024/04/30 12:0 a.m. · 6 views

PT-2024-20079 · Sdm600 · Sdm600

Name of the Vulnerable Software and Affected Versions: SDM600 affected versions not specified
Description: A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations.
Recommendations: At the moment, there...

CVSS 8 · AI score 6.2 · EPSS 0.00216
Exploits 0 · References 6
CNNVD
added 2024/04/30 12:0 a.m. · 4 views

Hitachi Energy SDM600 security vulnerability

Hitachi Energy SDM600 is a system data manager from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Energy SDM600 that stems from a problem in the Web authentication component, where an attacker could elevate privileges...

CVSS 8 · AI score 7 · EPSS 0.00216
Exploits 0 · References 2
RedHat Linux
added 2024/04/16 8:26 p.m. · 2 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact on log integrity...

CVSS 5.3 · AI score 5.7 · EPSS 0.01008
Exploits 0 · References 5