Lucene search
K

6 matches found

CVE
CVE
added yesterday9 views

CVE-2026-55377

Technical details about CVE-2026-55377 are not publicly available in the provided documents. Monitor for updates.

8.1CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added yesterday6 views

EUVD-2026-43011

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-55370

Technical details about CVE-2026-55370 are not publicly available in the provided documents. Monitor for updates.

6.4CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added yesterday19 views

CVE-2026-55370 Logto: TOTP code can be replayed within the RFC 6238 validity window (one-time use violation)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-55789

Logto’s self-hosted SAML IdP (prior to v1.41.0) was vulnerable: it built signed SAML responses by substituting user-controlled profile attributes into an unescaped XML template, allowing an authenticated low-privilege user to forge a SAML attribute (e.g., role) and cause privilege escalation at r...

8.5CVSS6.2AI score
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-54714

Technical details about CVE-2026-54714 are not publicly available in the provided documents. Monitor for updates from Logto advisories and releases.

6.1CVSS6.1AI score
Exploits0References4
Rows per page
Query Builder