Lucene search
+L

73 matches found

NVD
NVD
added 2026/07/10 8:16 p.m.5 views

CVE-2026-54714

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form in packages/core/src/saml-application/SamlApplication/utils.ts without HTML-attribute...

6.1CVSS0.00253EPSS
Exploits0References4
NVD
NVD
added 2026/07/10 8:16 p.m.7 views

CVE-2026-55370

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS0.00199EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/10 7:57 p.m.38 views

CVE-2026-55377 Logto: Account Center MFA management step-up bypass via WebAuthn registration verification

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 7:57 p.m.14 views

CVE-2026-55377

Technical details about CVE-2026-55377 are not publicly available in the provided documents. Monitor for updates.

8.1CVSS6.1AI score0.00259EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 7:57 p.m.3 views

CVE-2026-55377 Logto: Account Center MFA management step-up bypass via WebAuthn registration verification

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS6.1AI score0.00259EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/10 7:56 p.m.7 views

EUVD-2026-43011

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS6.1AI score0.00199EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 7:56 p.m.4 views

CVE-2026-55370 Logto: TOTP code can be replayed within the RFC 6238 validity window (one-time use violation)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS6.1AI score0.00199EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/10 7:55 p.m.36 views

CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS0.00298EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 7:55 p.m.4 views

CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/10 7:54 p.m.36 views

CVE-2026-54714 Logto: XSS via unescaped RelayState in SAML auto-submit form

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form in packages/core/src/saml-application/SamlApplication/utils.ts without HTML-attribute...

6.1CVSS0.00253EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 7:54 p.m.13 views

CVE-2026-54714

Technical details about CVE-2026-54714 are not publicly available in the provided documents. Monitor for updates from Logto advisories and releases.

6.1CVSS6.1AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.12 views

PT-2026-57282

Name of the Vulnerable Software and Affected Versions Logto versions prior to 1.41.0 Description The Account Center step-up check accepts any active verification record belonging to the current user where isVerified is set to true. An attacker with an existing Account API bearer token can create...

8.1CVSS6.1AI score0.00259EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.8 views

PT-2026-57292

Name of the Vulnerable Software and Affected Versions Logto versions prior to 1.41.0 Description The self-hosted SAML application IdP constructs signed SAML responses and assertions by substituting user-controlled profile attributes, such as name, email, and custom attribute-mapping values, into...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily...

5.3CVSS5.5AI score0.00237EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 4:16 p.m.14 views

CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS0.00237EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

OpenTelemetry-Go 安全漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions 1.41.0 and 1.43.0 of OpenTelemetry-Go contain security vulnerabilities. These vulnerabilities stem from the removal of the original length field, allowing Parse to handle arbitrarily large headers,...

5.3CVSS5.3AI score0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:45 p.m.11 views

CVE-2026-10267

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attack...

4.8CVSS5.4AI score0.00121EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Janet 输入验证错误漏洞

Janet is a functional and imperative programming language and bytecode interpreter developed by Janet Language. Versions of Janet prior to 1.41.0 had a vulnerability related to input validation errors. This vulnerability stemmed from incorrect operations in the function unmarshalonefiber found in...

4.8CVSS4.6AI score0.0012EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-29181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value...

7.5CVSS5.8AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 10:12 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Rows per page
Query Builder