Lucene search
K

4 matches found

Veracode
Veracode
added 2 days ago7 views

Improper Authentication

github.com/coder/coder is vulnerable to Improper Authentication. The vulnerability is due to improper OIDC email-based account linking and incorrect handling of the emailverified claim, which allows an attacker to authenticate with a malicious or unverified OIDC identity and take over another...

7.4CVSS6AI score0.00479EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/20 2:22 p.m.10 views

CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

6CVSS5.8AI score0.00182EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 8:16 p.m.7 views

CVE-2026-34456

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...

9.8CVSS0.00455EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/01 8:0 p.m.26 views

CVE-2026-34456 Reviactyl: OAuth account takeover via auto-linking

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...

9.1CVSS0.00455EPSS
Exploits0References3
Rows per page
Query Builder