5 matches found
aap-controller: aap-gateway: Account hijacking and unauthorized access via unverified email linking
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...
CVE-2026-35400
LORIS (Longitudinal Online Research and Imaging System) is affected from 20.0.0 up to but not including 27.0.3 and 28.0.1 by a publication module flaw that trusts the baseURL submitted via a user’s POST request instead of the internal LORIS value. This could allow an attacker with publication-mod...
PT-2023-19947 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.1 Nextcloud Server versions prior to 24.0.8 Nextcloud Server versions prior to 23.0.12 Nextcloud Enterprise Server versions prior to 25.0.1 Nextcloud Enterprise Server versions prior to 24.0.8 Nextcloud...
OX App Suite Access Control Bypass Vulnerability
Open-Xchange OX App Suite is a modular platform designed for telcos, hosting companies and vendors to provide a wide range of cloud-based services. An access control bypass vulnerability exists in OX App Suite 7.10.3 and earlier versions. The vulnerability stems from an incorrect permission check...
External news readers and e-mail clients can be used to execute arbitrary code – Opera Security Advisories
External news readers and e-mail clients can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | October 16, 2007 External news readers and e-mail clients can be used to execute arbitrary code. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prio...