Lucene search
K

63 matches found

Cvelist
Cvelist
added 2026/05/22 2:31 p.m.8 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

5.9CVSS0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.15 views

PT-2026-42777

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

5.9CVSS5.8AI score0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Dell ECS 访问控制错误漏洞

Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.5 and 3.6 of Dell ECS contain access control vulnerability issues. This vulnerability stems from improper access control in the identity and access management module, which may allow remote...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 6:19 p.m.45 views

CVE-2026-42864 FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft

FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validatio...

9.9CVSS0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 8:16 a.m.17 views

CVE-2026-33060

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

5.7CVSS0.00289EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.8 views

Microsoft Entra authorization issue vulnerability

Microsoft Entra is an identity and access management system developed by the American company Microsoft. There is a vulnerability in Microsoft Entra’s authorization mechanism, which stems from improper authorization practices. Attackers can exploit this vulnerability to gain increased privileges...

9.8CVSS5.8AI score0.00497EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2024-2615

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00748EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 4:21 p.m.8 views

CVE-2020-14874

Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management. Successful attacks of th...

6.5CVSS5.4AI score0.00834EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/12/09 11:0 a.m.6 views

Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions

Identity security is all the rage right now, and rightfully so. Securing identities that access an organization's resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what...

6.9AI score
Exploits0
NVD
NVD
added 2024/08/20 9:15 p.m.16 views

CVE-2024-41657

Casdoor is a UI-first Identity and Access Management IAM / Single-Sign-On SSO platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in...

8.8CVSS0.00748EPSS
Exploits1References2
NVD
NVD
added 2024/05/31 3:15 p.m.14 views

CVE-2024-36108

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR 201 which is pending merge. An attacker could use id paramet...

9.8CVSS9.6AI score0.00632EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/31 2:37 p.m.26 views

CVE-2024-36108 Multiple Broken Function-Level Authorization vulnerabilities in casgate

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR 201 which is pending merge. An attacker could use id paramet...

9.8CVSS9.6AI score0.00632EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/31 2:37 p.m.11 views

CVE-2024-36108 Multiple Broken Function-Level Authorization vulnerabilities in casgate

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR 201 which is pending merge. An attacker could use id paramet...

9.8CVSS7AI score0.00632EPSS
Exploits0References2
CNVD
CNVD
added 2023/10/25 12:0 a.m.21 views

IBM Security Verify Governance Cross-Site Scripting Vulnerability

IBM Security Verify Governance is an identity and access management solution provided by IBM. It is a software system for managing and monitoring user identities, permissions and access. A cross-site scripting vulnerability exists in IBM Security Verify Governance, which can be exploited by an...

4.8CVSS6AI score0.00316EPSS
Exploits0References1
CISA
CISA
added 2023/10/04 12:0 p.m.7 views

CISA and NSA Release New Guidance on Identity and Access Management

Today, CISA and the National Security Agency NSA published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework ESF, a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that...

7.4AI score
Exploits0References2
CNNVD
CNNVD
added 2023/09/29 12:0 a.m.12 views

HashiCorp Vault Security Breach

HashiCorp Vault is a private key access management tool from HashiCorp USA. A security vulnerability exists in HashiCorp Vault versions prior to 1.13.0 and Vault Enterprise versions prior to 1.13.0 that stems from an existing IAM condition that is not preserved when creating or updating a role se...

7.6CVSS6.7AI score0.00436EPSS
Exploits0References4
CVE
CVE
added 2023/07/07 7:57 p.m.184 views

CVE-2022-4361

CVE-2022-4361 affects Keycloak’s SAML and OIDC providers, with a cross-site scripting (XSS) vulnerability that can be triggered by setting the AssertionConsumerServiceURL value or the redirect_uri. The connected sources consistently describe XSS in the SAML/OIDC flows and the ability to cause mal...

10CVSS5.7AI score0.00626EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/07 7:57 p.m.18 views

CVE-2022-4361

Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...

10CVSS5.7AI score0.00626EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/06/21 11:38 a.m.65 views

Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover

A security shortcoming in Microsoft Azure Active Directory AD Open Authorization OAuth process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubb...

7.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2023/05/23 3:0 p.m.17 views

Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security

At Microsoft Build 2023—an event for developers by developers—we’re going to announce exciting new features and technologies, share ideas, and help everyone boost their skills so we can all build a more secure future together. This year’s Microsoft Build offers a full program, both online and...

6.9AI score
Exploits0
Rows per page
Query Builder