7 matches found

Cvelist
added 2026/03/24 3:30 p.m., 15 views

CVE-2026-33668 Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV...

7.1 CVSS, 0.00107 EPSS
Exploits: 1, References: 6

RedhatCVE
added 2025/05/21 9:5 p.m., 12 views

CVE-2009-5083

IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors...

6.8 CVSS, 7.2 AI score, 0.00216 EPSS
Exploits: 0, References: 1

SUSE CVE
added 2023/02/15 6:9 a.m., 2 views

SUSE CVE-2008-0169

Plugin/passwordauth.pm aka the passwordauth plugin in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence...

6.8 CVSS, 9.4 AI score, 0.00468 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2022/11/04 12:0 a.m., 5 views

CVE-2022-39387 XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWi...

9.1 CVSS, 9.3 AI score, 0.00147 EPSS
Exploits: 0, References: 3

OSV
added 2014/04/03 12:43 a.m., 6 views

MGASA-2014-0151 Updated php-ZendFramework packages fix multiple vulnerabilities

Updated php-ZendFramework packages fix security vulnerabilities: XML eXternal Entity XXE and XML Entity Expansion XEE flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform oth...

7.5 CVSS, 9.5 AI score, 0.02971 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2014/03/04 12:0 a.m., 9 views

Fedora 19 : python-tahrir-0.5.2-1.fc19 (2014-2253)

Fix openid login from untrusted providers. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

5.4 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2014/03/04 12:0 a.m., 19 views

Fedora 20 : python-tahrir-0.5.1-1.fc20 (2014-2264)

Fix openid login from untrusted provider. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVE...

5.4 AI score
Exploits: 0, References: 1