304 matches found
CVE-2026-3224
Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...
CVE-2026-3224
Affected software: Devolutions Server (versions 2025.3.15.0 and earlier). Vulnerability: Authentication bypass in Microsoft Entra ID (Azure AD) mode, allowing an unauthenticated user to impersonate any Entra ID user via a forged JWT. Documented behavior points to exploitation via the /api/v1/logi...
WordPress All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin <= 2.2.5 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login versions = 2.2.5...
CVE-2026-2628
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators...
EUVD-2026-9274
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators...
CVE-2026-2628 All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators...
CVE-2026-2628
The CVE-2026-2628 concerns the All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress. Affected: all versions up to and including 2.2.5. Nature: authentication bypass, enabling unauthenticated users to log in as other users (including administrators). Impact: high (CVE metr...
Devolutions Server 安全漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15.0 contained security vulnerabilities. These vulnerabilities stemmed fro...
PT-2026-22830
Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.3.15.0 and earlier Description An authentication bypass exists in the Microsoft Entra ID Azure AD authentication mode. An unauthenticated user can authenticate as an arbitrary Entra ID user by using a forged JS...
WordPress plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-22714
Name of the Vulnerable Software and Affected Versions The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress versions through 2.2.5 Description The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is susceptible to an authentication bypass,...
Entra ID OAuth Consent Can Grant ChatGPT Access to Emails
OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access...
CVE-2026-22048
StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...
CVE-2026-22048
StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...
NetApp StorageGRID 安全漏洞
NetApp StorageGRID is a object storage solution developed by the American network device company NetApp. Versions of NetApp StorageGRID prior to 11.9.0.12 and 12.0.0.4 contained security vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability when...
CVE-2026-22048
StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...
CVE-2026-22048
StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...
CVE-2026-22048
StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...
CVE-2026-22048
StorageGRID (formerly StorageGRID Webscale) is affected in versions prior to 11.9.0.12 and 12.0.0.4 when Single Sign-On is enabled and configured to use Microsoft Entra ID as the IdP. An authenticated attacker with low privileges could exploit a Server-Side Request Forgery (SSRF) vulnerability to...
PT-2026-20299
Name of the Vulnerable Software and Affected Versions StorageGRID versions prior to 11.9.0.12 StorageGRID versions prior to 12.0.0.4 Description StorageGRID, formerly known as StorageGRID Webscale, is affected by a Server-Side Request Forgery SSRF issue when Single Sign-on SSO is enabled and...