CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1093 matches found

CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

5.1CVSS5.4AI score0.00091EPSS

Exploits0References2

RedhatCVE•added 3 days ago•5 views

CVE-2026-6957

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS5.7AI score0.00052EPSS

Exploits0References1

OSV•added 3 days ago•4 views

BIT-AUTHENTIK-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

8.5CVSS5.4AI score0.00102EPSS

Exploits0References2

RedhatCVE•added 4 days ago•7 views

CVE-2026-44394

A flaw was found in OpenStack Keystone. The federated token rescoping mechanism does not correctly propagate the original token's expiry to newly issued tokens. This allows a federated user to repeatedly rescope a token before it expires, effectively maintaining indefinite access and bypassing...

8.1CVSS5.7AI score0.00052EPSS

Exploits1References5

Packet Storm News•added 4 days ago•6 views

Cognitive Threat Intelligence and Explainable Federated Security Analytics for Distributed Infrastructure Systems

The increasing adoption of distributed infrastructure systems, cloud computing, Internet of Things IoT technologies, and edge-based architectures has significantly expanded the cybersecurity attack surface and introduced increasingly sophisticated cyber threats. Conventional centralized intrusion...

5.5AI score

Exploits0

ATTACKERKB•added 6 days ago•6 views

CVE-2026-47201

8.5CVSS5.8AI score0.00102EPSS

Exploits0References2Affected Software1

CVE•added 6 days ago•12 views

CVE-2026-47201

The CVE-2026-47201 entry affects authentik’s SAML Source ACS endpoint, where XML Signature Wrapping can allow an attacker with any upstream-IdP account to authenticate as a different federated user. The issue arises during validation of upstream SAML responses and has been patched in authentik ve...

8.5CVSS5.8AI score0.00102EPSS

Exploits0References1Affected Software1

Vulnrichment•added 6 days ago•5 views

CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

8.5CVSS5.8AI score0.00102EPSS

Exploits0References1

Cvelist•added 6 days ago•26 views

CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

8.5CVSS0.00102EPSS

Exploits0References1

Packet Storm News•added 2026/06/01 12:0 a.m.•10 views

SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems

Distributed event-based systems have become a common substrate for Internet-scale publish/subscribe services, IoT telemetry, cloud-native microservices, and security operations pipelines. Their loose coupling and asynchronous delivery improve scalability, but they also expand the attack surface:...

5.8AI score

Exploits0

Tenable Nessus•added 2026/06/01 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-45076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that...

5.1CVSS5.5AI score0.00091EPSS

Exploits0References2

OSV•added 2026/05/29 8:25 p.m.•7 views

GHSA-C3M2-JQMQ-PVP3 authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

Summary authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. Patches authentik 2026.5.1, 2026.2.4 and...

8.5CVSS5.8AI score0.00102EPSS

Exploits0References3

Github Security Blog•added 2026/05/29 8:25 p.m.•16 views

authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

8.5CVSS5.8AI score0.00102EPSS

Exploits0References3Affected Software1

SUSE CVE•added 2026/05/29 1:20 a.m.•9 views

SUSE CVE-2026-45076

5.1CVSS5.8AI score0.00091EPSS

Exploits0References3

Tenable Nessus•added 2026/05/29 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to...

8.1CVSS5.8AI score0.00561EPSS

Exploits2References3

NVD•added 2026/05/28 7:16 p.m.•7 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

8.1CVSS0.00052EPSS

Exploits1References2

OSV•added 2026/05/28 7:16 p.m.•6 views

UBUNTU-CVE-2026-44394

8.1CVSS5.8AI score0.00052EPSS

Exploits1References4