Lucene search
+L

40 matches found

nvd
nvd
added 2026/07/02 8:17 p.m.5 views

CVE-2026-59099

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS0.00356EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/07/02 7:42 p.m.9 views

CVE-2026-59099

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6AI score0.00356EPSS
Exploits0References6Affected Software1
osv
osv
added 2026/07/02 7:42 p.m.3 views

CVE-2026-59099 Apereo CAS 7.3.0 < 8.0.0-RC6 - AES-GCM Nonce Reuse Information Disclosure

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6.2AI score0.00356EPSS
Exploits0References8
cvelist
cvelist
added 2026/07/02 7:42 p.m.35 views

CVE-2026-59099 Apereo CAS 7.3.0 < 8.0.0-RC6 - AES-GCM Nonce Reuse Information Disclosure

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS0.00356EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/07/02 7:42 p.m.7 views

CVE-2026-59099 Apereo CAS 7.3.0 < 8.0.0-RC6 - AES-GCM Nonce Reuse Information Disclosure

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6.2AI score0.00356EPSS
Exploits0References5
euvd
euvd
added 2026/07/02 7:42 p.m.7 views

EUVD-2026-41430

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6AI score0.00356EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.18 views

PT-2026-55299

Name of the Vulnerable Software and Affected Versions Apereo CAS versions 7.3.0 through 8.0.0-RC5 Description A cryptographic issue allows remote unauthenticated attackers to recover plaintext conversation state. This occurs because the system reuses the AES-GCM initialization vector IV across th...

9.3CVSS6.2AI score0.00356EPSS
Exploits0References10
vulnersosv
vulnersosv
added 2026/03/05 12:31 a.m.13 views

ba.sake:pac4j-testkit (>=0.1.0 <=0.2.0), com.github.hiwepy:pac4j-spring-boot-starter (=3.3.x.20241020.RELEASE) +2 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=6.0.5 <=6.2.2)

org.pac4j:pac4j-jwt MAVEN version =6.0.5, =0.1.0, =7.1.0, =7.1.0, =7.3.4 Source cves: CVE-2026-29000 Source advisory: OSV:GHSA-PM7G-W2CF-Q238...

9.3CVSS7.1AI score0.05856EPSS
Exploits17
redhatcve
redhatcve
added 2026/01/09 9:28 a.m.2 views

CVE-2023-49818

Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through 1.0.8...

5.3CVSS8.5AI score0.00497EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:5 a.m.11 views

CVE-2024-34689

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...

5CVSS6.3AI score0.00353EPSS
Exploits0References1
hackread
hackread
added 2026/01/01 9:4 p.m.5 views

How Webflow Helps Companies Move Faster Without Sacrificing Brand Control

Conventional development frequently results in a trade-off between speed and brand consistency, which harms reputation by causing delays…...

7AI score
Exploits0
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-53726

Malicious code in bioql PyPI...

5.3CVSS9.1AI score0.00497EPSS
Exploits0References1
ossf
ossf
added 2025/08/14 5:41 p.m.4 views

Malicious code in webflow-extension (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 42b661acb4e76b31c10ac6138d3b67ef2606a39e5c0c291796f123ac6b232d93 The OpenSSF Package Analysis project identified 'webflow-extension' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
osv
osv
added 2025/08/14 5:41 p.m.3 views

MAL-2025-6875 Malicious code in webflow-extension (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 42b661acb4e76b31c10ac6138d3b67ef2606a39e5c0c291796f123ac6b232d93 The OpenSSF Package Analysis project identified 'webflow-extension' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

7.3AI score
Exploits0
malwarebytes
malwarebytes
added 2025/06/27 3:30 p.m.12 views

Fake DocuSign email hides tricky phishing attempt

On my daily rounds, I encountered a phishing attempt that used a not completely unusual, yet clever delivery method. What began as a seemingly routine DocuSign notification turned into a multi-layered deception involving Webflow, a shady redirect, and a legitimate Google login page. Webflow is a...

7.2AI score
Exploits0
thn
thn
added 2025/02/13 3:13 p.m.19 views

Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners

A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network CDN with an aim to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access ...

7.1AI score
Exploits0
nvd
nvd
added 2024/12/09 1:15 p.m.8 views

CVE-2023-49818

Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through 1.0.8...

5.3CVSS0.00497EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/12/09 11:30 a.m.11 views

CVE-2023-49818 WordPress Webflow Pages plugin <= 1.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through 1.0.8...

5.3CVSS7.2AI score0.00497EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/12/09 12:0 a.m.6 views

PT-2024-13808 · Webflow · Webflow Pages

Name of the Vulnerable Software and Affected Versions: Webflow Pages versions 1.0.0 through 1.0.8 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 1.0.0 through...

5.3CVSS9.5AI score0.00497EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/12/09 12:0 a.m.4 views

WordPress plugin Webflow Pages 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS8.7AI score0.00497EPSS
Exploits0References1
Rows per page
Query Builder