Lucene search
K

304 matches found

Cvelist
Cvelist
added 2026/03/03 9:21 p.m.22 views

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

0.00506EPSS
Exploits0References1
CVE
CVE
added 2026/03/03 9:21 p.m.27 views

CVE-2026-3224

Affected software: Devolutions Server (versions 2025.3.15.0 and earlier). Vulnerability: Authentication bypass in Microsoft Entra ID (Azure AD) mode, allowing an unauthenticated user to impersonate any Entra ID user via a forged JWT. Documented behavior points to exploitation via the /api/v1/logi...

9.8CVSS6AI score0.00506EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/03 7:38 a.m.8 views

WordPress All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin <= 2.2.5 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login versions = 2.2.5...

9.8CVSS5.9AI score0.00856EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/03 2:16 a.m.13 views

CVE-2026-2628

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators...

9.8CVSS0.00856EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/03 1:21 a.m.7 views

EUVD-2026-9274

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators...

9.8CVSS5.9AI score0.00856EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/03 1:21 a.m.27 views

CVE-2026-2628 All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators...

9.8CVSS0.00856EPSS
Exploits0References2
CVE
CVE
added 2026/03/03 1:21 a.m.26 views

CVE-2026-2628

The CVE-2026-2628 concerns the All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress. Affected: all versions up to and including 2.2.5. Nature: authentication bypass, enabling unauthenticated users to log in as other users (including administrators). Impact: high (CVE metr...

9.8CVSS5.9AI score0.00856EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15.0 contained security vulnerabilities. These vulnerabilities stemmed fro...

9.8CVSS5.9AI score0.00506EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.16 views

PT-2026-22830

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.3.15.0 and earlier Description An authentication bypass exists in the Microsoft Entra ID Azure AD authentication mode. An unauthenticated user can authenticate as an arbitrary Entra ID user by using a forged JS...

9.8CVSS6AI score0.00506EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.8 views

WordPress plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS5.8AI score0.00856EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.13 views

PT-2026-22714

Name of the Vulnerable Software and Affected Versions The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress versions through 2.2.5 Description The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is susceptible to an authentication bypass,...

9.8CVSS5.7AI score0.00856EPSS
Exploits0References12
HackRead
HackRead
added 2026/02/26 2:34 p.m.6 views

Entra ID OAuth Consent Can Grant ChatGPT Access to Emails

OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/19 1:27 a.m.6 views

CVE-2026-22048

StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 12:16 a.m.8 views

CVE-2026-22048

StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...

7.1CVSS0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

NetApp StorageGRID 安全漏洞

NetApp StorageGRID is a object storage solution developed by the American network device company NetApp. Versions of NetApp StorageGRID prior to 11.9.0.12 and 12.0.0.4 contained security vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability when...

7.1CVSS5.8AI score0.00271EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 11:1 p.m.4 views

CVE-2026-22048

StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/17 11:1 p.m.2 views

CVE-2026-22048

StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/17 11:1 p.m.28 views

CVE-2026-22048

StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...

7.1CVSS0.00271EPSS
Exploits0References1
CVE
CVE
added 2026/02/17 11:1 p.m.14 views

CVE-2026-22048

StorageGRID (formerly StorageGRID Webscale) is affected in versions prior to 11.9.0.12 and 12.0.0.4 when Single Sign-On is enabled and configured to use Microsoft Entra ID as the IdP. An authenticated attacker with low privileges could exploit a Server-Side Request Forgery (SSRF) vulnerability to...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-20299

Name of the Vulnerable Software and Affected Versions StorageGRID versions prior to 11.9.0.12 StorageGRID versions prior to 12.0.0.4 Description StorageGRID, formerly known as StorageGRID Webscale, is affected by a Server-Side Request Forgery SSRF issue when Single Sign-on SSO is enabled and...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References9
Rows per page
Query Builder