Lucene search
+L

6 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-53513

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00252EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2024/02/13 6:15 p.m.27 views

CVE-2024-21401

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability...

9.8CVSS9.5AI score0.01463EPSS
Exploits0References1
CVE
CVE
added 2024/02/13 6:2 p.m.193 views

CVE-2024-21401

The CVE-2024-21401 entry concerns Microsoft Entra Jira Single-Sign-On Plugin. Connected PT-2024-1867 indicates the vulnerability involves insufficient access restrictions, allowing a remote attacker to elevate privileges. The PTSecurity note explicitly says affected versions are not specified and...

9.8CVSS9.3AI score0.01463EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.6 views

PT-2024-1867 · Microsoft · Entra Jira Single-Sign-On Plugin

Name of the Vulnerable Software and Affected Versions: Microsoft Entra Jira Single-Sign-On Plugin affected versions not specified Description: The issue is related to insufficient access restrictions in the Microsoft Entra Jira Single-Sign-On Plugin, which can be exploited by a remote attacker to...

10CVSS9.4AI score0.01463EPSS
Exploits0References7
Patchstack
Patchstack
added 2023/07/17 12:0 a.m.17 views

WordPress YourMembership Single Sign On Plugin <= 1.1.3 is vulnerable to Broken Access Control

Software YourMembership Single Sign On Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37987 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9b1dfdc28505 Credits Aman Rawat...

6.3AI score0.00491EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/07/09 12:0 a.m.6 views

CloudBees Jenkins SAML PluginHTTP Session Fixation Vulnerability

CloudBees Jenkins is a Java-based continuous integration tool from CloudBees, Inc. that is used to monitor ongoing software releases/testing projects and timed tasks.SAML Plugin is a plugin that supports authentication to Jenkins using the SAML 2.0 protocol. SAML Plugin A session fixation...

5.9CVSS5.9AI score0.00852EPSS
Exploits0References1
Rows per page
Query Builder