Lucene search
K

1702 matches found

Nuclei
Nuclei
added 11 hours ago152 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

8.1CVSS6.9AI score0.02837EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-55672

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS0.00276EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42964

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS6.2AI score0.00225EPSS
Exploits0References3
CVE
CVE
added 3 days ago30 views

CVE-2026-55672

Summary (concrete details) : The CVE concerns Zitadel, an open-source identity management platform. The vulnerability occurs in the OAuth2/OIDC CodeExchange and RefreshToken flows (and related device token flow) where verification that the requesting client matches the originally authorized clien...

7.4CVSS6.1AI score0.00276EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication authn.method=oidc, authn.oidc.issuer set but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result...

6.8CVSS6.1AI score0.00298EPSS
Exploits0References8
Veracode
Veracode
added 3 days ago6 views

Cross-Site Request Forgery (CSRF)

Leantime is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing validation of the OIDC state parameter in the verifyState method, where attacker-controlled authorization callbacks are accepted without verification, allowing attackers to perform session fixation and...

8.6CVSS6.1AI score0.00153EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

6.8CVSS6AI score0.00298EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-59819

A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. A privileged caller, such as a proxy administrator, with permissions to test model connections, could exploit the /health/testconnection endpoint. By supplying specific environment or OIDC OpenID Connect file reference...

4.9CVSS6AI score0.00278EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-12593 Privilege escalation via forged API token creation in Axivion Dashboard OIDC/OAuth2/SSO subsystem

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS0.00281EPSS
Exploits0References1
Veracode
Veracode
added 4 days ago10 views

Improper Authentication

github.com/coder/coder is vulnerable to Improper Authentication. The vulnerability is due to improper OIDC email-based account linking and incorrect handling of the emailverified claim, which allows an attacker to authenticate with a malicious or unverified OIDC identity and take over another...

7.4CVSS6AI score0.00479EPSS
Exploits0References10Affected Software2
NVD
NVD
added 5 days ago8 views

CVE-2026-59819

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

4.9CVSS0.00278EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

2.1CVSS0.00278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56542

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.10-stable Description LiteLLM is a proxy server that functions as an AI Gateway for calling LLM APIs. The '/health/test connection' endpoint resolves request-supplied environment and OIDC file references within t...

2.1CVSS6.1AI score0.00278EPSS
Exploits0References9
CVE
CVE
added 6 days ago13 views

CVE-2026-55076

Coder’s CVE-2026-55076 describes an OIDC callback flaw where the email_verified claim was checked with a direct Go bool assertion. If an IdP returns a non-boolean value (e.g., "false") or omits the claim, the check can pass incorrectly, in combination with an unconditional email-based account fal...

7.4CVSS6AI score0.00479EPSS
Exploits0References7Affected Software1
NVD
NVD
added 6 days ago10 views

CVE-2026-55075

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...

7.4CVSS0.00479EPSS
Exploits0References7
CVE
CVE
added 6 days ago14 views

CVE-2026-55075

Coder’s OIDC login flaw leads to account takeover via email-based user matching and improper handling of email_verified. Before versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two issues exist: (1) email-based matching could link by email without confirming an existing link to a different IdP subjec...

7.4CVSS6AI score0.00479EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-55075

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...

7.4CVSS6AI score0.00479EPSS
Exploits0References8Affected Software1
OSV
OSV
added 6 days ago7 views

GO-2026-5907 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder

Coder's OIDC emailverified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References1
Veracode
Veracode
added 6 days ago7 views

Authentication Bypass

Coder is vulnerable to an authentication bypass. The vulnerability is due to improper validation of the emailverified claim in the OIDC callback and an unconditional email-based account fallback, which allows an attacker to take over accounts by supplying a non-boolean or missing emailverified...

7.4CVSS6AI score0.00479EPSS
Exploits0References12Affected Software2
NVD
NVD
added last week5 views

CVE-2026-59713

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS0.00153EPSS
Exploits0References4
Rows per page
Query Builder