5 matches found
langfuse 跨站请求伪造漏洞
langfuse is a large language model engineering platform open-sourced by Langfuse. A cross-site request forgery vulnerability exists in langfuse version 2.95.0 up to and including version 2.95.12 and version 3.17.0 up to and including version 3.131.0, which stems from a misconfiguration of SSO and...
CVE-2025-54599
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...
CVE-2025-54599
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...
CVE-2025-54599
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...
FAS - Users from 2-way trusted domain getting "incorrect username or password" on VDA login
Users from primary domain are able to be authenticated without issue. Users from Domain B, which is in a different forest and is trusted via 2-way trust, can authenticate with the storefront without issue. However, when launching a resource the CWA eventually loads a small window indicating the t...