42 matches found

RedhatCVE
added 4 days ago, 6 views

CVE-2026-24069

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4...

CVSS 5.4 | AI score 5.5 | EPSS 0.00011
Exploits: 1 | References: 1

RedhatCVE
added 2026/06/02 4:2 a.m., 8 views

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/04 12:0 a.m., 0 views

PT-2026-30325

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.17.0. Description: Directus SSO login pages were missing the Cross-Origin-Opener-Policy (COOP) HTTP response header. This allowed a malicious cross-origin window to access and manipulate the window object of the...

CVSS 8.7 | AI score 5.9 | EPSS 0.00009
Exploits: 0 | References: 4

Cvelist
added 2026/03/03 1:21 a.m., 21 views

CVE-2026-2628 All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators...

CVSS 9.8 | EPSS 0.00447
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/03 12:0 a.m., 4 views

PT-2026-22714

Name of the Vulnerable Software and Affected Versions: The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress versions through 2.2.5. Description: The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is susceptible to an authentication bypass,...

CVSS 9.8 | AI score 5.7 | EPSS 0.00447
Exploits: 0 | References: 12

Vulnrichment
added 2026/02/04 8:26 p.m., 2 views

CVE-2026-0948 Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation. This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...

AI score 5.3 | EPSS 0.00061
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:46 a.m., 5 views

CVE-2022-31648

Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be...

CVSS 6.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:17 a.m., 2 views

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

CVSS 7.4 | AI score 7.2 | EPSS 0.00412
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/15 8:25 a.m., 3 views

CVE-2025-10648 Login with YourMembership - YM SSO Login <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes'

The YourMembership Single Sign On – YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'moym_display_test_attributes' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to rea...

CVSS 5.3 | AI score 4.9 | EPSS 0.00083
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-5894

Malicious code in bioql PyPI...

CVSS 8.3 | AI score 8 | EPSS 0.00418
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-28052

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00173
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-3158

Malicious code in bioql PyPI...

CVSS 7.4 | AI score 8 | EPSS 0.00412
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-53084

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00275
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-41813

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.2 | EPSS 0.00079
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/09 10:11 p.m., 2 views

CVE-2025-58447 rAthena has heap-based buffer overflow in login server

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, allowing a remote attacker to overwrite adjacent session fields by sending a crafted CASSOLOGINREQ with an oversized...

CVSS 9.8 | AI score 7.8 | EPSS 0.00641
Exploits: 0 | References: 2

OSV
added 2025/09/02 4:15 p.m., 3 views

CVE-2025-54599

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...

CVSS 7.5 | AI score 5.8 | EPSS 0.00094
Exploits: 1 | References: 3

Snyk
added 2025/06/26 4:43 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the errorMsg parameter in the /xxl-sso-server/login process. An attacker can inject and execute arbitrary scripts in the context of a user's browser by crafting a malicious request. Details: Cross-site...

CVSS 6.1 | AI score 5.5 | EPSS 0.00195
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 11:51 p.m., 4 views

CVE-2022-22919

Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs...

CVSS 6.1 | AI score 7 | EPSS 0.00173
Exploits: 1 | References: 1

CNVD
added 2025/02/26 12:0 a.m., 7 views

Siemens Teamcenter Redirection Vulnerability

Teamcenter software is an adaptable, modern Product Lifecycle Management (PLM) system that connects people and processes across functional silos through digital threads to enable innovation. A redirection vulnerability exists in the Siemens Teamcenter SSO login service, which can be exploited by an...

CVSS 7.4 | AI score 6.6 | EPSS 0.00412
Exploits: 0 | References: 1

NVD
added 2025/02/11 11:15 a.m., 4 views

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

CVSS 7.4 | EPSS 0.00412
Exploits: 0 | References: 1