214 matches found

Source: RedhatCVE (added yesterday, 2 views)

CVE-2026-6736

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

CVSS 6.5 | AI score 5.5 | EPSS 0.00167
Exploits: 0 | References: 1
Source: OSV (added 2026/05/21 8:18 p.m., 3 views)

MAL-2026-4530 Malicious code in cloudsmith-vsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b49ad4432747f754181e7a8428aff5fd2613f9d86283f05a04c2dd1f9ac2f2f package.json declares a preinstall hook "preinstall": "node index.js" that runs automatically on npm install. index.js reads installer-side system...

AI score 5.8
Exploits: 0 | References: 1
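The entry above describes the classic npm supply-chain pattern: a lifecycle script that npm executes on its own during install. The scanner below is an added example (not code from OSV, Amazon Inspector or the package in question) that parses a package.json, flags the auto-run lifecycle scripts, and marks commands that hand control to an interpreter or reach the network. The sample manifest and its package name are constructed for the demonstration; the token list is an assumption about what is worth flagging, not an npm-defined set.

```python
import json
import os

# npm runs these lifecycle scripts without asking during `npm install`.
# Assumption: this is the subset most often abused by malicious packages,
# not the complete npm lifecycle.
AUTO_RUN_SCRIPTS = ("preinstall", "install", "postinstall", "prepare")

# Substrings that turn an install hook into code execution or an egress channel.
# Assumption: a heuristic list chosen for this example.
SUSPICIOUS_TOKENS = (
    "node ", "curl ", "wget ", "bash ", "sh -c", "powershell",
    "base64", "eval(", "child_process", "http://", "https://",
)


def find_install_hooks(package_json_text: str) -> list:
    """Return one finding per auto-run lifecycle script declared in a package.json."""
    pkg = json.loads(package_json_text)
    scripts = pkg.get("scripts") or {}
    findings = []
    for name in AUTO_RUN_SCRIPTS:
        cmd = scripts.get(name)
        if not cmd:
            continue
        lowered = cmd.lower()
        hits = [tok for tok in SUSPICIOUS_TOKENS if tok in lowered]
        findings.append({
            "package": pkg.get("name", "<unnamed>"),
            "script": name,
            "command": cmd,
            "suspicious": hits,
        })
    return findings


def scan_node_modules(root_dir: str) -> list:
    """Walk a node_modules tree and collect hook findings from every package.json."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root_dir):
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                findings.extend(find_install_hooks(fh.read()))
        except (OSError, ValueError):
            # Unreadable or malformed manifests are skipped, not fatal.
            continue
    return findings


# Constructed sample manifest with the shape the advisory describes: a
# preinstall hook that runs a bundled script. The package name is hypothetical.
SAMPLE_PACKAGE_JSON = """{
  "name": "example-hooked-package",
  "version": "1.0.0",
  "scripts": {
    "preinstall": "node index.js",
    "test": "jest"
  }
}"""

if __name__ == "__main__":
    for f in find_install_hooks(SAMPLE_PACKAGE_JSON):
        print(f"{f['package']}: {f['script']} -> {f['command']!r} {f['suspicious']}")
```

Run `scan_node_modules("node_modules")` after a dry install done with `npm install --ignore-scripts` to review hooks before letting them execute; a clean package with only `test` or `build` scripts produces no findings.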
Source: NVD (added 2026/05/20 5:16 p.m., 10 views)

CVE-2026-9087

A flaw was found in Keycloak. The cross-session email-verification proof is keyed only by the local userId and idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and be linked to the victim's local account...

CVSS 8.1 | EPSS 0.00026
Exploits: 0 | References: 2
Source: Cvelist (added 2026/05/20 4:13 p.m., 36 views)

CVE-2026-9087 Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login

A flaw was found in Keycloak. The cross-session email-verification proof is keyed only by the local userId and idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and be linked to the victim's local account...

CVSS 6.4 | EPSS 0.00026
Exploits: 0 | References: 2
Source: RedhatCVE (added 2026/05/20 4:12 p.m., 4 views)

CVE-2026-9087

A flaw was found in Keycloak. The cross-session email-verification proof is keyed only by the local userId and idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and be linked to the victim's local account. Mitigation To...

CVSS 8.1 | AI score 5.7 | EPSS 0.00026
Exploits: 0 | References: 3
Source: Positive Technologies (added 2026/05/20 12:00 a.m., 7 views)

PT-2026-42189

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

CVSS 6 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 2
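The MISP entry above is the other common account-linking mistake: treating an e-mail claim as proof of account ownership when the local account has not yet been pinned to a subject. The resolver below is an added example (not MISP's plugin code) that shows the e-mail-only linking behaviour beside a policy that requires a verified e-mail claim, pins the `sub` on first link, and refuses to relink a pinned account. Local users, claims and subject values are constructed; the `require_verified_email` and `allow_email_link` knobs are hypothetical names chosen for this example.

```python
def resolve_oidc_login(users: list, claims: dict,
                       require_verified_email: bool = True,
                       allow_email_link: bool = True) -> tuple:
    """Map an ID-token claim set to a local user. Returns (action, detail).

    users: list of dicts with "username", "email", "oidc_sub" (None if unlinked).
    Hypothetical policy knobs, not MISP's configuration names.
    """
    sub = claims.get("sub")
    email = (claims.get("email") or "").lower()
    if not sub:
        return ("deny", "missing sub claim")

    # 1. A local account already pinned to this subject always wins; no e-mail
    #    comparison is involved, so a matching e-mail elsewhere cannot hijack it.
    for user in users:
        if user.get("oidc_sub") == sub:
            return ("login", user["username"])

    # 2. Fall back to e-mail linking only under explicit policy.
    if not allow_email_link:
        return ("deny", "no account bound to this sub")
    if require_verified_email and not claims.get("email_verified"):
        return ("deny", "email claim not verified by IdP")

    # 3. Link only an account that has never been bound, then pin it.
    for user in users:
        if user.get("oidc_sub") is None and user["email"].lower() == email:
            user["oidc_sub"] = sub
            return ("linked", user["username"])
    return ("deny", "no linkable local account")


def run_scenarios() -> dict:
    """Constructed victim/attacker claim sets against a fresh local user table."""
    def fresh_users():
        return [{"username": "admin", "email": "admin@example.org", "oidc_sub": None}]

    # Attacker registered at the IdP with the victim's e-mail; the IdP never
    # checked ownership, so email_verified is absent/false.
    attacker = {"sub": "attacker-123", "email": "admin@example.org", "email_verified": False}
    victim = {"sub": "admin-456", "email": "admin@example.org", "email_verified": True}

    # E-mail-only linking, as the advisory describes.
    users = fresh_users()
    vuln = resolve_oidc_login(users, attacker, require_verified_email=False)

    # Hardened policy: verified e-mail required, sub pinned on first link.
    users = fresh_users()
    hard_attacker = resolve_oidc_login(users, attacker)
    hard_victim = resolve_oidc_login(users, victim)
    # Even a later attacker token with email_verified=true cannot relink a pinned account.
    hard_attacker_after = resolve_oidc_login(users, {**attacker, "email_verified": True})
    return {
        "vulnerable": vuln,
        "hardened_attacker": hard_attacker,
        "hardened_victim": hard_victim,
        "hardened_attacker_after_pin": hard_attacker_after,
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

`email_verified` is still only an assertion by the IdP, so the hardened branch is only as good as the IdP it trusts; where the IdP is not under your control, set `allow_email_link=False` and provision the `sub` mapping out of band.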
Source: Vulnrichment (added 2026/05/07 9:14 p.m., 7 views)

CVE-2026-6736 Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

CVSS 6.3 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 5
Source: CNNVD (added 2026/05/07 12:00 a.m., 6 views)

GitHub Enterprise Server access control error vulnerability

GitHub Enterprise Server is the self-hosted edition of GitHub, developed by GitHub in the United States. It provides a scalable, easy-to-manage platform by letting customers run their own GitHub instance as a virtual appliance. Prior to version 3.21 of GitHub Enterprise Server, there was an access control...

CVSS 6.5 | AI score 5.9 | EPSS 0.00167
Exploits: 0 | References: 1
Source: CVE (added 2026/04/01 12:30 a.m., 4 views)

CVE-2025-71280

XenForo before 2.3.7 is affected by an information-disclosure vulnerability where local account pages could be cached on shared systems, exposing sensitive user data to other local users. The root cause is local page caching on multi-user machines. Impact is exposure of user information; CVSS met...

CVSS 6.9 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 2 | Affected Software: 1
Source: Vulnrichment (added 2026/04/01 12:30 a.m., 2 views)

CVE-2025-71280 XenForo Local Account Page Caching Information Disclosure

XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users...

CVSS 6.9 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 2
Source: Cvelist (added 2026/04/01 12:30 a.m., 29 views)

CVE-2025-71280 XenForo Local Account Page Caching Information Disclosure

XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users...

CVSS 6.9 | EPSS 0.00015
Exploits: 0 | References: 2
Source: CVE (added 2026/03/04 7:41 a.m., 11 views)

CVE-2026-28777

The SFX2100 Satellite Receiver from IDC is affected by a credential issue: a trivial password for the user (usr) account enables remote unauthenticated SSH access. An attacker can land in a restricted shell and trivially spawn a full pty for an interactive shell, leading to high impact on confide...

CVSS 9.8 | AI score 6 | EPSS 0.00435
Exploits: 1 | References: 1 | Affected Software: 1
Source: CNNVD (added 2026/02/24 12:00 a.m., 2 views)

WSO2 API Manager and WSO2 Identity Server (IS) security vulnerability

WSO2 API Manager and WSO2 Identity Server are both products of the US company WSO2. WSO2 API Manager is an API lifecycle management solution; WSO2 Identity Server is an identity and authentication server. Both WSO2 API Manager and WSO2 Identity Server are affected by a security vulnerability. These...

CVSS 8.1 | AI score 5.8 | EPSS 0.00091
Exploits: 0 | References: 1
Source: Vulnrichment (added 2026/02/11 12:18 p.m., 2 views)

CVE-2025-54149 Qsync Central

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central...

CVSS 7.1 | AI score 5.5 | EPSS 0.00015
Exploits: 0 | References: 1
Source: RedhatCVE (added 2026/01/09 9:00 a.m., 10 views)

CVE-2023-29057

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”...

CVSS 8.8 | AI score 6.8 | EPSS 0.0027
Exploits: 0 | References: 1
Source: RedhatCVE (added 2025/10/28 10:00 p.m., 6 views)

CVE-2025-62781

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...

CVSS 5 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 1
Source: EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-2019-5526

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.00371
Exploits: 0 | References: 4
Source: EUVD (added 2025/10/07 12:30 a.m., 1 view)

EUVD-2020-18318

Malware in sbrugna...

CVSS 9 | AI score 7.6 | EPSS 0.00086
Exploits: 0 | References: 14
Source: EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-1999-0501

Malware in sbrugna...

CVSS 7.2 | AI score 6.2 | EPSS 0.00644
Exploits: 4 | References: 2
Source: EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-2017-12880

Malware in sbrugna...

CVSS 6.7 | AI score 7 | EPSS 0.00053
Exploits: 0 | References: 2