Lucene search
+L

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 10:7 a.m.12 views

CVE-2026-49757 OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address an upsert on the email field, or a user-defined sign-in...

9.2CVSS5.3AI score0.00563EPSS
Exploits1References5
OSV
OSV
added 2026/06/15 10:7 a.m.3 views

CVE-2026-49757 OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address an upsert on the email field, or a user-defined sign-in...

9.2CVSS6AI score0.00563EPSS
Exploits1References11
OSV
OSV
added 2026/06/15 10:7 a.m.10 views

EEF-CVE-2026-49757 OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

Summary Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address an upsert on the email field, or a user-defined...

9.2CVSS5.4AI score0.00563EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.7 views

PT-2025-6376 · Unknown · Ashauthentication

Name of the Vulnerable Software and Affected Versions: AshAuthentication versions 4.1.0 through 4.4.8 Description: The issue affects applications that have been bootstrapped by the new igniter installer since AshAuthentication v4.1.0 and have used the magic link strategy or are manually revoking...

6.3CVSS7.5AI score0.00301EPSS
Exploits1References9
Rows per page
Query Builder