15941 matches found
CVE-2026-56668
Product/Component : ZITADEL identity management platform (OAuth2 Token Exchange endpoint). Vulnerability : Prior to version 4.15.3, the endpoint for grant-type: token-exchange does not verify that the subject token belongs to the requesting client, nor ensure requested scopes stay within the orig...
CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange
ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...
CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange
ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...
CVE-2026-55672
Summary (concrete details) : The CVE concerns Zitadel, an open-source identity management platform. The vulnerability occurs in the OAuth2/OIDC CodeExchange and RefreshToken flows (and related device token flow) where verification that the requesting client matches the originally authorized clien...
CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...
CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...
CVE-2026-54469
creationtimestamp| type| source ---|---|--- 2026-07-10 15:30:16+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116896393517811948 2026-07-10 17:27:21+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcoasxcp327 2026-07-10 21:24:23+00:00| seen|...
CVE-2026-31267
creationtimestamp| type| source ---|---|--- 2026-07-10 14:07:35+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116896068760157808 2026-07-11 00:34:43+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdg4zqogq2z...
CVE-2026-44512
A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This vulnerability allows a remote attacker to cause an unrecoverable denial of service DoS by providing a specially crafted untrusted model. The flaw occurs when the...
CVE-2026-14894
creationtimestamp| type| source ---|---|--- 2026-07-10 04:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116893799245990836 2026-07-10 04:30:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqbctmoxsp2t 2026-07-10 05:00:33+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2026-44512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can...
PT-2026-57306
Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description RabbitMQ fails to perform authorization checks on passive queue.declare and exchange.declare AM...
User Impersonation
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to User Impersonation via the token-exchange identity-resolution service in packages/cli/src/modules/token-exchange/services/identity-resolution.service.ts. An attacker can authenticate as another user...
CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution
n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...
CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution
n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...
CVE-2026-59208
CVE-2026-59208 affects n8n, an open-source workflow automation platform. Vulnerability: when an n8n instance is configured with more than one trusted token-exchange issuer, it could resolve external identities to local accounts using only the JWT sub claim and ignore the iss claim. This allows an...
OESA-2026-2910 libreswan security update
Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...
OESA-2026-2909 libreswan security update
Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...
CVE-2026-56291
creationtimestamp| type| source ---|---|--- 2026-07-09 12:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116889906648087046 2026-07-09 12:00:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq7ljhukn42i 2026-07-09 12:03:01+00:00| seen|...
CVE-2026-15112
creationtimestamp| type| source ---|---|--- 2026-07-09 01:30:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116887429378642543 2026-07-09 01:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq6icwy3iv23 2026-07-09 04:45:15+00:00| seen|...