Lucene search
+L

15941 matches found

cve
cve
added 6 days ago14 views

CVE-2026-56668

Product/Component : ZITADEL identity management platform (OAuth2 Token Exchange endpoint). Vulnerability : Prior to version 4.15.3, the endpoint for grant-type: token-exchange does not verify that the subject token belongs to the requesting client, nor ensure requested scopes stay within the orig...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References3
cvelist
cvelist
added 6 days ago35 views

CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS0.00231EPSS
Exploits0References3
osv
osv
added 6 days ago2 views

CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References5
cve
cve
added 6 days ago31 views

CVE-2026-55672

Summary (concrete details) : The CVE concerns Zitadel, an open-source identity management platform. The vulnerability occurs in the OAuth2/OIDC CodeExchange and RefreshToken flows (and related device token flow) where verification that the requesting client matches the originally authorized clien...

7.4CVSS6.1AI score0.00276EPSS
Exploits0References5
cvelist
cvelist
added 6 days ago29 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS0.00276EPSS
Exploits0References5
osv
osv
added 6 days ago4 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS6.1AI score0.00276EPSS
Exploits0References7
circl
circl
added 6 days ago6 views

CVE-2026-54469

creationtimestamp| type| source ---|---|--- 2026-07-10 15:30:16+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116896393517811948 2026-07-10 17:27:21+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcoasxcp327 2026-07-10 21:24:23+00:00| seen|...

8.8CVSS6.1AI score0.00442EPSS
Exploits0References4
circl
circl
added 6 days ago7 views

CVE-2026-31267

creationtimestamp| type| source ---|---|--- 2026-07-10 14:07:35+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116896068760157808 2026-07-11 00:34:43+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdg4zqogq2z...

5.7CVSS6.1AI score0.00198EPSS
Exploits0References2
redhatcve
redhatcve
added 6 days ago9 views

CVE-2026-44512

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This vulnerability allows a remote attacker to cause an unrecoverable denial of service DoS by providing a specially crafted untrusted model. The flaw occurs when the...

6.5CVSS6.1AI score0.00191EPSS
Exploits1References7
circl
circl
added 6 days ago8 views

CVE-2026-14894

creationtimestamp| type| source ---|---|--- 2026-07-10 04:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116893799245990836 2026-07-10 04:30:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqbctmoxsp2t 2026-07-10 05:00:33+00:00| seen|...

9.8CVSS6.1AI score0.00523EPSS
Exploits2References9
nessus
nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-44512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can...

5.5CVSS6.1AI score0.00191EPSS
Exploits1References3
ptsecurity
ptsecurity
added 6 days ago8 views

PT-2026-57306

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description RabbitMQ fails to perform authorization checks on passive queue.declare and exchange.declare AM...

5.3CVSS6.1AI score0.00271EPSS
Exploits1References10
snyk
snyk
added 2026/07/09 4:31 p.m.4 views

User Impersonation

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to User Impersonation via the token-exchange identity-resolution service in packages/cli/src/modules/token-exchange/services/identity-resolution.service.ts. An attacker can authenticate as another user...

7.6CVSS6.1AI score0.00143EPSS
Exploits0References2
osv
osv
added 2026/07/09 3:27 p.m.3 views

CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS6.1AI score0.00143EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/09 3:27 p.m.33 views

CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS0.00143EPSS
Exploits0References3
cve
cve
added 2026/07/09 3:27 p.m.18 views

CVE-2026-59208

CVE-2026-59208 affects n8n, an open-source workflow automation platform. Vulnerability: when an n8n instance is configured with more than one trusted token-exchange issuer, it could resolve external identities to local accounts using only the JWT sub claim and ignore the iss claim. This allows an...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/07/09 12:50 p.m.1 views

OESA-2026-2910 libreswan security update

Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

8.1CVSS6.5AI score0.00597EPSS
Exploits0References4
osv
osv
added 2026/07/09 12:50 p.m.2 views

OESA-2026-2909 libreswan security update

Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

8.1CVSS6.5AI score0.00597EPSS
Exploits0References4
circl
circl
added 2026/07/09 12:0 p.m.9 views

CVE-2026-56291

creationtimestamp| type| source ---|---|--- 2026-07-09 12:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116889906648087046 2026-07-09 12:00:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq7ljhukn42i 2026-07-09 12:03:01+00:00| seen|...

10CVSS6.2AI score0.00836EPSS
Exploits5References41
circl
circl
added 2026/07/09 1:30 a.m.6 views

CVE-2026-15112

creationtimestamp| type| source ---|---|--- 2026-07-09 01:30:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116887429378642543 2026-07-09 01:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq6icwy3iv23 2026-07-09 04:45:15+00:00| seen|...

8.8CVSS5.9AI score0.0026EPSS
Exploits0References4
Rows per page
Query Builder