9 matches found
EUVD-2026-31522
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
World Passkey Day: Advancing passwordless authentication
World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by accelerating passkey adoption. As cyberattacks become more automated and AI-powered, each account is only as secure as its weakest credential...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
PT-2026-35919
Name of the Vulnerable Software and Affected Versions Jenkins Microsoft Entra ID previously Azure AD Plugin versions prior to 666.v6060de32f87d Description The plugin does not restrict the redirect URL after login, which allows attackers to perform phishing attacks. Recommendations Update the...
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
...
Microsoft Entra ID Entitlement Management Spoofing Vulnerability
Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-5338
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...
Microsoft Entra ID 访问控制错误漏洞
Microsoft Entra ID is a cloud-based identity and management solution from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Entra ID that stems from an elevation of privilege vulnerability...
Threat actors misuse OAuth applications to automate financially driven attacks
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for token-based authentication and authorization that enables applications to get access to data and resources based on permissions set by a user. Threat actors compromi...