Lucene search
+L

45 matches found

OSV
OSV
added 2026/07/08 10:20 p.m.4 views

CVE-2026-54782 CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS6.1AI score0.00246EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51079

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML 1.1 and SAML 2.0 token validation fails to correctly resolve the issuer signing key or enforce signed tokens when IdentityConfiguration is used with federated...

10CVSS6AI score0.00246EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/04 12:4 p.m.13 views

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.8AI score0.00328EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 4:58 p.m.46 views

CVE-2026-40379

CVE-2026-40379 is a Microsoft ESTS (Enterprise Security Token Service) spoofing vulnerability impacting Azure services. The connected sources confirm exposure of sensitive information to an unauthorized actor in Azure Entra ID and describe exploitation as network-based spoofing. The CVSS 3.1 scor...

9.3CVSS5.8AI score0.0091EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 4:58 p.m.46 views

CVE-2026-40379 Azure Entra ID Spoofing Vulnerability

...

9.3CVSS0.0091EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2026/05/07 12:0 a.m.19 views

KLA91030 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azur...

10CVSS6.8AI score0.01164EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.6 views

SUSE CVE-2026-33419

MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable...

9.1CVSS5.8AI score0.00394EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-33419

MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable...

9.1CVSS5.7AI score0.00394EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 8:16 p.m.12 views

CVE-2026-33419

MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable...

9.1CVSS0.00394EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:5 p.m.10 views

CVE-2026-33419

MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable...

9.1CVSS5.8AI score0.00394EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

MinIO 安全漏洞

MinIO is an open-source object storage server provided by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions prior to MinIO RELEASE.2026-03-17T21-25-16Z contained a security vulnerability. This...

9.1CVSS6.4AI score0.00394EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26758

Name of the Vulnerable Software and Affected Versions MinIO versions prior to RELEASE.2026-03-17T21-25-16Z Description The MinIO AIStor Security Token Service STS AssumeRoleWithLDAPIdentity endpoint is susceptible to LDAP credential brute-forcing. This is due to a combination of distinguishable...

10CVSS5.8AI score0.03256EPSS
Exploits67References151
vulnersOsv
vulnersOsv
added 2026/01/08 9:46 p.m.4 views

acmer (>=0.0.1 <=0.0.16), auth-proxy (>=0.0.1 <=0.1.1) +445 more potentially affected by unknown CVE via aws-sdk-sts (>=0.0.22-alpha <=0.9.0)

aws-sdk-sts CARGO version =0.0.22-alpha, =0.0.1, =0.0.1, =0.2.36, =0.0.18, =0.0.42, =0.0.1, =0.0.22-alpha, =0.0.1, =0.0.24, =0.0.1, =0.1.0, =0.4.0, =0.2.0, =0.2.0, =0.34.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.5AI score
Exploits0
OSV
OSV
added 2025/10/30 3:2 p.m.6 views

GO-2025-4034 MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS in github.com/minio/minio

MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS in github.com/minio/minio...

8.1CVSS7AI score0.00515EPSS
Exploits1References7
OSV
OSV
added 2025/10/21 9:34 a.m.4 views

BIT-MINIO-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

8.1CVSS7.3AI score0.00515EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/10/17 9:45 p.m.6 views

CVE-2025-62506

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

8.1CVSS7.2AI score0.00515EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2025/10/17 12:0 a.m.14 views

minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS

mino reports: A privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same use...

8.1CVSS7.2AI score0.00515EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/16 9:17 p.m.6 views

EUVD-2025-34834

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

8.1CVSS6.7AI score0.00515EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/10/16 9:17 p.m.5 views

CVE-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

8.1CVSS6.8AI score0.00515EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/16 9:17 p.m.12 views

CVE-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

8.1CVSS0.00515EPSS
Exploits1References3
Rows per page
Query Builder