Lucene search
K

1016 matches found

Cvelist
Cvelist
added 2026/06/30 12:0 p.m.40 views

CVE-2026-12388 Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper

A flaw was found in the Identity Provider IdP mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5CVSS0.00233EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-533 Sentry: Improper authentication on SAML SSO process allows user identity linking

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same...

9.1CVSS5.8AI score0.00435EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-534 Sentry's improper authentication on SAML SSO process allows user identity linking

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via Sentry's private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the sa...

9.1CVSS5.8AI score0.00623EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-532 Sentry's improper authentication on SAML SSO process allows user impersonation

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same...

9.1CVSS5.8AI score0.00584EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5732 ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider in github.com/zitadel/zitadel

ZITADEL: Missing Token Lifecyle Validation exp and iat in JWT IdP Provider in github.com/zitadel/zitadel...

4.2CVSS5.8AI score0.00203EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 8:38 p.m.10 views

CVE-2026-12473

OHIF Viewers are affected: two default-configured data sources, DICOMWebProxy and DICOMJSON, fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the user's OIDC Bearer token into those requests and transmits it to an attacker-controll...

8.3CVSS6AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5391 ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider in github.com/zitadel/zitadel

ZITADEL: Missing Token Audience Validation aud in JWT IdP Provider in github.com/zitadel/zitadel...

4.2CVSS5.8AI score0.00112EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5231 Dex: Token-exchange endpoint is missing AllowedConnectors enforcement in github.com/dexidp/dex

Dex: Token-exchange endpoint is missing AllowedConnectors enforcement in github.com/dexidp/dex...

5.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

keycloak: Cross-Session Email Verification Proof Not Bound to Upstream Identity in First-Broker-Login

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

8.1CVSS5.8AI score0.00312EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-46423

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response and Assertion signature validation when the configured Id...

9.3CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.7 views

EUVD-2026-38737

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.7 views

CVE-2026-56223

Capgo

9.3CVSS6AI score0.00244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52096

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.1 Rocket.Chat versions prior to 8.3.3 Rocket.Chat versions prior to 8.2.3 Rocket.Chat versions prior to 8.1.4 Rocket.Chat versions prior to 8.0.5 Rocket.Chat versions prior ...

9.3CVSS5.7AI score0.00149EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 11:16 p.m.10 views

CVE-2026-54588

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTPHOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...

9.6CVSS0.00312EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54008

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...

8.5CVSS0.00203EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:50 p.m.5 views

CVE-2026-54008

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...

8.5CVSS5.9AI score0.00203EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51607

Name of the Vulnerable Software and Affected Versions Poweradmin versions prior to 4.2.4 Poweradmin versions prior to 4.3.3 Description Poweradmin is a web-based DNS administration tool for PowerDNS server. The software uses the attacker-controlled HTTP HOST request header as the authoritative...

9.6CVSS6AI score0.00312EPSS
Exploits0References14
Snyk
Snyk
added 2026/06/18 1:52 p.m.6 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the JWT validation process. An attacker can gain unauthorized access by presenting a validly signed token from a trusted issuer, originally intended for a different service, to the authentication system. This ...

4.2CVSS6AI score0.00112EPSS
Exploits0References2
Rows per page
Query Builder