
215 matches found

CVE
added 2026/06/02 8:30 p.m., 18 views

CVE-2026-47201

The CVE-2026-47201 entry affects authentik’s SAML Source ACS endpoint, where XML Signature Wrapping can allow an attacker with any upstream-IdP account to authenticate as a different federated user. The issue arises during validation of upstream SAML responses and has been patched in authentik ve...

CVSS 8.5 | AI score 5.8 | EPSS 0.00252
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2026/05/29 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to...

CVSS 8.1 | AI score 5.5 | EPSS 0.02266
Exploits 2 | References 2

OSV
added 2026/05/28 7:16 p.m., 7 views

UBUNTU-CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

CVSS 8.1 | AI score 5.8 | EPSS 0.00245
Exploits 1 | References 5

Vulnrichment
added 2026/05/28 12:0 a.m., 7 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

CVSS 6 | AI score 5.8 | EPSS 0.00245
Exploits 1 | References 2

Positive Technologies
added 2026/05/28 12:0 a.m., 7 views

PT-2026-44466

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to 29.0.2. Description: The federated token rescoping mechanism fails to propagate the original token's expiry to the newly issued token. When a federated user rescopes a token through the 'POST /v3/auth/tokens'...

CVSS 8.1 | AI score 5.2 | EPSS 0.00245
Exploits 1 | References 16

CVE
added 2026/05/28 12:0 a.m., 21 views

CVE-2026-44394

CVE-2026-44394 affects OpenStack Keystone before 29.0.2. The federated token rescoping mechanism does not propagate the original token expiry to the newly issued token; repeated rescopes can allow indefinite access by issuing tokens with a fresh TTL, bypassing token lifetime policies. Affected de...

CVSS 8.1 | AI score 5.8 | EPSS 0.00245
Exploits 1 | References 2 | Affected Software 1

ATTACKERKB
added 2026/05/28 12:0 a.m., 8 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

CVSS 6 | AI score 5.8 | EPSS 0.02266
Exploits 2 | References 3 | Affected Software 1

OSV
added 2026/02/24 9:16 a.m., 3 views

CVE-2024-1524

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

CVSS 8.1 | AI score 5.7 | EPSS 0.00261
Exploits 0 | References 1

NVD
added 2026/02/24 9:16 a.m., 7 views

CVE-2024-1524

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

CVSS 8.1 | EPSS 0.00261
Exploits 0 | References 1

Vulnrichment
added 2026/02/24 8:51 a.m., 5 views

CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

CVSS 7.7 | AI score 5.2 | EPSS 0.00261
Exploits 0 | References 1

EUVD
added 2026/02/24 8:51 a.m., 5 views

EUVD-2024-17272

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

CVSS 7.7 | AI score 5.3 | EPSS 0.00261
Exploits 0 | References 1

CNNVD
added 2026/02/24 12:0 a.m., 2 views

WSO2 API Manager and WSO2 Identity Server (IS) Security Vulnerability

WSO2 API Manager and WSO2 Identity Server are both products of the American company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 Identity Server is an identity authentication server. Both WSO2 API Manager and WSO2 Identity Server have security vulnerabilities. These...

CVSS 8.1 | AI score 5.8 | EPSS 0.00261
Exploits 0 | References 1

Positive Technologies
added 2026/02/24 12:0 a.m., 6 views

PT-2026-21674

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP, a local user store user's information may be replaced duri...

CVSS 7.7 | AI score 5.9 | EPSS 0.00261
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2011-3105

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.01769
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-3106

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01762
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2009-5038

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.0121
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-5039

Malware in sbrugna...

CVSS 1.9 | AI score 6.4 | EPSS 0.0027
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-0593

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01161
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-3104

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.01524
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2010-2347

Malware in sbrugna...

CVSS 6 | AI score 6.4 | EPSS 0.01177
Exploits 0 | References 9