Lucene search
+L

1045 matches found

BDU FSTEC
BDU FSTEC
added yesterday19 views

Blitz Identity Provider (Authentication server)

...

5.8AI score
Exploits0
Cvelist
Cvelist
added yesterday12 views

CVE-2026-49284 SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Prior to 2.4.7 and 2.5.2, SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated login when unsigned Response/InResponseTo is combined with a signed assertion lacking...

7.1CVSS
Exploits0References3
CVE
CVE
added yesterday33 views

CVE-2026-49284

The CVE affects SimpleSAMLphp SP: the ACS path permits a response from an unexpected IdP when an unsigned Response/InResponseTo combines with a signed assertion lacking SubjectConfirmationData/InResponseTo. A response from IdP B can be bound to SP state created for IdP A, allowing bypass of IdP-s...

7.1CVSS5.3AI score
Exploits0References3
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15943 Keycloak-services: keycloak-services: oidc idp update reuses masked client secret after token url change

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.3AI score
Exploits0References3
Nuclei
Nuclei
added yesterday30 views

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery SSRF due to insufficient restriction of the requesturi parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

8.2CVSS7.9AI score0.06139EPSS
Exploits1References5
NVD
NVD
added 2 days ago8 views

CVE-2026-1609

A flaw was found in Keycloak. When the JSON Web Token JWT authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper...

8.1CVSS0.00506EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-1609

A flaw was found in Keycloak. When the JSON Web Token JWT authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper...

8.1CVSS6.1AI score0.00506EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2 days ago34 views

CVE-2026-1609

CVE-2026-1609 affects Keycloak: when the JWT authorization grant preview feature is enabled and a user is disabled, Keycloak may not validate the user’s disabled status during JWT grant processing. A remote, low-privilege attacker can present an assertion token from an external IdP to obtain a JW...

8.1CVSS6.1AI score0.00506EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-47164 Vaultwarden: SSO Email Auto-Link Can Bind an Existing Local Account to an Attacker-Controlled IdP Identity

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP emailverified claim only for new-user creation and not when SSOSIGNUPSMATCHEMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled Id...

7.7CVSS0.0027EPSS
Exploits0References4
CVE
CVE
added 3 days ago15 views

CVE-2026-47164

Vaultwarden (Rust) prior to 1.36.0 has an authentication flaw in its SSO flow: when SSO_SIGNUPS_MATCH_EMAIL=true, an IdP identity can bind to an existing local Vaultwarden account by asserting a victim email, due to checking the IdP email_verified claim only during new-user creation. This could a...

7.7CVSS6.1AI score0.0027EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-47164 Vaultwarden: SSO Email Auto-Link Can Bind an Existing Local Account to an Attacker-Controlled IdP Identity

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP emailverified claim only for new-user creation and not when SSOSIGNUPSMATCHEMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled Id...

7.7CVSS6.1AI score0.0027EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-47158 Vaultwarden: CSRF in SSO Authorization Flow

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS0.0016EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 7:55 p.m.4 views

CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References6
NVD
NVD
added 2026/07/10 7:17 p.m.11 views

CVE-2026-59151

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...

9.6CVSS0.00296EPSS
Exploits0References5
NVD
NVD
added 2026/07/10 6:16 p.m.7 views

CVE-2026-56666

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS0.00189EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/10 5:37 p.m.1 views

CVE-2026-56666

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS6.1AI score0.00189EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/10 5:37 p.m.10 views

CVE-2026-56666

ZITADEL before v4.15.3 permits auto-linking by email without confirming IdP ownership of the email. The external IdP handler validates the local email but not that the IdP confirms ownership, enabling linking a permissive provider account to a victim’s local account. This vulnerability is address...

4.8CVSS6.1AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 5:37 p.m.32 views

CVE-2026-56666 ZITADEL: Auto-linking by email: IdP-side email verification is not checked

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS0.00189EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 5:22 p.m.11 views

CVE-2026-56665

ZITADEL's external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) does not enforce expiration when an incoming token omits the exp claim, causing tokens from trusted issuers to be treated as valid without an automatic expiration window. Affected releases: 3.0.0-rc.1 thro...

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
Rows per page
Query Builder