Lucene search
K

15 matches found

Microsoft Secure
Microsoft Secure
added 2026/05/22 5:0 p.m.18 views

Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms

Identity is the backbone of modern cybersecurity. Every access decision carries risk, across employees, partners, devices, workloads, and an expanding set of AI-powered agents. But most organizations are still operating across disparate systems. Identity signals are captured in one place, access...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/07 3:45 p.m.6 views

EUVD-2026-19941

OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via jato.clientSession Deserialization in OpenAM...

9.3CVSS6AI score0.1049EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30917

Name of the Vulnerable Software and Affected Versions OpenAM versions prior to 16.0.6 Description Open Access Management OpenAM is an access management solution. An unauthenticated attacker can achieve arbitrary command execution on the server through unsafe Java deserialization. This occurs when...

9.8CVSS6.2AI score0.1049EPSS
Exploits2References19
ATTACKERKB
ATTACKERKB
added 2026/03/07 3:9 p.m.3 views

CVE-2026-29192

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0...

7.7CVSS5.7AI score0.00318EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2025/10/24 11:43 p.m.10 views

com.itextpdf:bouncy-castle-fips-adapter (=9.6.0), org.openidentityplatform.opendj:opendj-cli (=4.10.2) +70 more potentially affected by CVE-2025-12194 via org.bouncycastle:bc-fips (=2.1.1)

org.bouncycastle:bc-fips MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.itextpdf:bouncy-castle-fips-adapter =9.6.0 - org.openidentityplatform.opendj:opendj-cli =4.10.2 -...

5.9CVSS7.2AI score0.00142EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.9 views

PT-2024-27471 · User Oidc · User Oidc

Name of the Vulnerable Software and Affected Versions: user oidc app versions prior to 3.0.0 user oidc app versions prior to 4.0.0 user oidc app versions prior to 5.0.0 Description: The issue is related to missing access control on the ID4me endpoint, allowing an attacker to register an account a...

6.3CVSS7.3AI score0.00637EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2024/05/03 6:30 p.m.8 views

com.srcclr:srcclr-maven-plugin (>=3.1.23 <=3.1.25), org.keycloak:keycloak-crypto-fips1402 (>=19.0.0 <=25.0.6) +17 more potentially affected by CVE-2024-34447 via org.bouncycastle:bctls-fips (>=1.0.12.2 <=1.0.18)

org.bouncycastle:bctls-fips MAVEN version =1.0.12.2, =3.1.23, =19.0.0, =14.7.0.0, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.6.3 and more Source cves: CVE-2024-34447 Source advisory:...

7.5CVSS6.7AI score0.0077EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/02/21 4:8 p.m.11 views

CVE-2023-46241 Potential account take over due to unverified emails from Microsoft Identity Platform

discourse-microsoft-auth is a plugin that enables authentication via Microsoft. On sites with the discourse-microsoft-auth plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than...

9CVSS7AI score0.00798EPSS
Exploits0References3
CNVD
CNVD
added 2023/06/21 12:0 a.m.8 views

IBM Security Directory Suite VA Resource Management Error Vulnerability

IBM Security Directory Suite is a scalable, standards-based identity platform from International Business Machines IBM that simplifies identity and directory management. A resource management error vulnerability exists in IBM Security Directory Suite VA, which can be exploited by an attacker to...

7.5CVSS6.4AI score0.00765EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/08/13 8:16 p.m.74 views

Improper Authorization and Origin Validation Error in OneFuzz

Impact Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be: Version 2.12.0 or greater Deployed...

10CVSS8.9AI score0.02415EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/08/13 8:16 p.m.15 views

GHSA-Q5VH-6WHW-X745 Improper Authorization and Origin Validation Error in OneFuzz

Impact Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be: Version 2.12.0 or greater Deployed...

10CVSS9.3AI score0.02415EPSS
Exploits0References8
Kitploit
Kitploit
added 2021/07/27 9:30 p.m.86 views

TokenTactics - Azure JWT Token Manipulation Toolset

Azure JSON Web Token "JWT" Manipulation Toolset Azure access tokens allow you to authenticate to certain endpoints as a user who signs in with a device code. Even if they used multi-factor authentication. Once you have a user's access token, it may be possible to access certain apps such as...

7.2AI score
Exploits0References3
CNVD
CNVD
added 2021/01/28 12:0 a.m.3 views

Unauthorized Access Vulnerability in Unified Identity Platform of Lianhe Technology Co.

Lianyi Technology Co., Ltd. was registered and established on July 05, 2004 in Guangzhou Administration for Industry and Commerce. The company's business scope includes software development; information system integration services; information technology consulting services and so on. An...

6.6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/07/08 4:0 p.m.26 views

Protecting your remote workforce from application-based attacks like consent phishing

The global pandemic has dramatically shifted how people work. As a result, organizations around the world have scaled up cloud services to support collaboration and productivity from home. We’re also seeing more apps leverage Microsoft’s identity platform to ensure seamless access and integrated...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/07 9:8 a.m.92 views

Authentication Bypass Vulnerability Found in Auth0 Identity Platform

A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platform Auth0 that could have allowed a malicious attacker to access any portal or application, which are using Auth0 service for authentication. Auth0 offers token-based authentication...

9.8CVSS9.3AI score0.02335EPSS
Exploits0
Rows per page
Query Builder