1110 matches found
CVE-2026-41577 authentik: SAML source does not validate Conditions, timing, or audience on assertions
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...
CVE-2026-45690 Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...
EUVD-2026-33716
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...
CVE-2026-9098
In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...
CVE-2026-9098
Casdoor versions up to 2.362.0 expose a SAML flaw: the /api/acs callback accepts any well-formed SAMLResponse without tying it to a prior AuthnRequest. If an administrator disables or deletes an IdP during a flow, the handler still uses the initial provider snapshot, enabling unsolicited SAML res...
EUVD-2026-32949
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...
PT-2026-44427
In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...
CVE-2026-41164 nuts-node: JWT type confusion in v1 access token introspection allows VP replay as access token
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...
EUVD-2026-31550
A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...
CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
CVE-2026-41470
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
CVE-2026-41470
The CVE describes an authorization bypass in LIVE555’s RTSP server prior to 2026.04.22. The root cause is improper handling of RTSP session commands that allows an attacker to replay a valid Session token from an unauthenticated connection. With a valid token, an attacker can issue PLAY and TEARD...
EUVD-2026-30886
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
Replay Attack
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Replay Attack through the RequiredActionFactory and required-action implementations in the authentication flo...
Replay Attack
Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Replay Attack through the RequiredActionFactory and required-action implementations in the...
CVE-2026-45028
Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...
CVE-2026-45028
Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...
CVE-2026-45028
Astro prior to 6.1.10 used AES-GCM to protect server island props and slots but did not bind ciphertext to the target component/type, enabling replay of an encrypted props value as a slots value (and vice versa). This could cause XSS when overlapping prop/slot keys occur in dynamically rendered p...
Replay Attack
Overview Affected versions of this package are vulnerable to Replay Attack in the Proxy-Authorization: header handling process. An attacker can gain unauthorized access to resources or sensitive information by leveraging a scenario where authentication credentials intended for one proxy are...