
342 matches found

NVD
added 2026/06/26 8:17 p.m., 7 views

CVE-2026-52783

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth accesstoken plaintext to Rails.cache under the deterministic key storage..httpxaccesstoken, repopulated continuously by an...

8.2 CVSS, 0.00129 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/26 6:57 p.m., 6 views

CVE-2026-52783

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth accesstoken plaintext to Rails.cache under the deterministic key storage..httpxaccesstoken, repopulated continuously by an...

8.2 CVSS, 5.6 AI score, 0.00129 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/06/25 10:34 p.m., 3 views

GO-2026-5710 Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus

Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus...

7.5 CVSS, 5.9 AI score, 0.00326 EPSS
Exploits: 0, References: 6

Cvelist
added 2026/06/22 12:25 p.m., 28 views

CVE-2026-56425 MISP AAD authentication plugin - Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3 CVSS, 0.00258 EPSS
Exploits: 0, References: 1

CVE
added 2026/06/22 12:25 p.m., 13 views

CVE-2026-56425

CVE-2026-56425 affects the AAD authentication plugin for MISP (OAuth 2.0). The vulnerability stems from using session_id() as the OAuth state parameter, lack of session rotation after login, no dedicated nonce for the state, and not enforcing HTTPS for the redirect URI. Additional issue: OAuth er...

9.3 CVSS, 5.9 AI score, 0.00258 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/06/19 9:16 p.m., 12 views

CVE-2026-45480

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

10 CVSS, 0.00562 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/06/19 8:27 p.m., 17 views

CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability

...

10 CVSS, 0.00562 EPSS
Exploits: 0, References: 1

CVE
added 2026/06/19 8:27 p.m., 80 views

CVE-2026-45480

CVE-2026-45480 affects Azure Active Directory; improper authentication enables elevation of privileges over a network. The CVSS 3.1 score is 10.0 (CRITICAL) with network attack vector, no user interaction, and HIGH impact on confidentiality, integrity, and availability. No specific patch version ...

10 CVSS, 5.9 AI score, 0.00562 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/06/19 8:27 p.m., 6 views

CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability

...

10 CVSS, 5.8 AI score, 0.00562 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/19 8:27 p.m., 4 views

CVE-2026-45480

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

10 CVSS, 5.9 AI score, 0.00562 EPSS
Exploits: 0, References: 2

EUVD
added 2026/06/19 8:27 p.m., 8 views

EUVD-2026-38086

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

10 CVSS, 5.9 AI score, 0.00562 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/06/19 12:0 a.m., 21 views

PT-2026-51031

Name of the Vulnerable Software and Affected Versions: Azure Active Directory (affected versions not specified). Description: Improper authentication allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that...

10 CVSS, 5.9 AI score, 0.00562 EPSS
Exploits: 0, References: 9

Microsoft CVE
added 2026/06/18 2:0 p.m., 13 views

Azure Active Directory Elevation of Privilege Vulnerability

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

10 CVSS, 5.9 AI score, 0.00562 EPSS
Exploits: 0

RedhatCVE
added 2026/06/05 7:21 p.m., 9 views

CVE-2026-41574

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...

9.8 CVSS, 5.4 AI score, 0.00809 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/05/26 2:12 p.m., 15 views

CVE-2026-33843

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network...

9.8 CVSS, 5.8 AI score, 0.00473 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/05/26 12:6 a.m., 11 views

CVE-2026-42151

A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...

7.5 CVSS, 5.8 AI score, 0.00326 EPSS
Exploits: 0, References: 8

NVD
added 2026/05/22 11:16 p.m., 18 views

CVE-2026-33843

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network...

9.8 CVSS, 0.00473 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/22 10:3 p.m., 10 views

CVE-2026-33843 Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability

...

9.1 CVSS, 5.8 AI score, 0.00473 EPSS
Exploits: 0, References: 1

EUVD
added 2026/05/22 10:3 p.m., 10 views

EUVD-2026-31519

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network...

9.1 CVSS, 5.8 AI score, 0.00473 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/22 10:3 p.m., 61 views

CVE-2026-33843

CVE-2026-33843 affects Microsoft Azure Active Directory B2C. An authentication bypass via an alternate path or channel could allow an unauthorized attacker to elevate privileges over a network. The CVSSv3.1 base score is 9.1 (CRITICAL) with high impact on confidentiality and integrity, and no user...

9.8 CVSS, 5.8 AI score, 0.00473 EPSS
Exploits: 0, References: 1, Affected Software: 1