2208 matches found
EUVD-2026-44740
Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new SSO provider to that organization because registerSSOProvider checks only for a membership row a...
CVE-2026-53515
CVE-2026-53515 : The Better Auth library, specifically the @better-auth/sso plugin, contains a privilege escalation in versions 1.2.10 through 1.6.11. The POST /sso/register endpoint incorrectly allows any organization member to attach a new SSO provider because registerSSOProvider checks only fo...
CVE-2026-53513
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...
EUVD-2026-44733
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...
CVE-2026-47158
A flaw was found in Vaultwarden, a Bitwarden-compatible server. An unauthenticated attacker could exploit a vulnerability in the Single Sign-On SSO authorization flow. This flaw, caused by improper binding of the OAuth state parameter to the browser session and inadequate cleanup of SSO...
CVE-2026-47164
Vaultwarden (Rust) prior to 1.36.0 has an authentication flaw in its SSO flow: when SSO_SIGNUPS_MATCH_EMAIL=true, an IdP identity can bind to an existing local Vaultwarden account by asserting a victim email, due to checking the IdP email_verified claim only during new-user creation. This could a...
CVE-2026-47164 Vaultwarden: SSO Email Auto-Link Can Bind an Existing Local Account to an Attacker-Controlled IdP Identity
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP emailverified claim only for new-user creation and not when SSOSIGNUPSMATCHEMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled Id...
CVE-2026-47159
Vaultwarden (Rust) prior to 1.36.0 is affected by CVE-2026-47159, where the SSO discovery and pre-validation flow exposed organization-related SSO metadata, including organizationIdentifier values for arbitrary email addresses, and allowed obtaining a valid pre-validation JWT with only the discov...
CVE-2026-47159 Vaultwarden: Authentication Flow Information Disclosure in SSO Discovery Allows Organization Enumeration and Pre-Validation Token Exposure
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIdentifier values for arbitrary email addresses and allowed a valid pre-validation JWT to be obtained...
EUVD-2026-44693
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...
CVE-2026-56336
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...
CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...
CVE-2026-56313
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the...
CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...
CVE-2026-56336 Capgo - Information Disclosure via Unauthenticated SSO check-domain Endpoint
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...
EUVD-2026-43028
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...
CVE-2026-57807 WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...
CVE-2026-57807
The CVE-2026-57807 entry concerns miniOrange OAuth Single Sign On - SSO (OAuth Client) for WordPress, affected through version 38.5.8. The vulnerability is an Authentication Bypass via an alternate path or channel (broken authentication), enabling Password Recovery Exploitation. No exploitation d...
PT-2026-57307
Name of the Vulnerable Software and Affected Versions miniOrange OAuth Single Sign On - SSO OAuth Client versions prior to 38.5.9 Description An authentication bypass exists in the miniOrange OAuth SSO WordPress plugin. An unauthenticated remote attacker can exploit an alternate password-recovery...
WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability
WordPress OAuth Single Sign On - SSO OAuth Client plugin = 38.5.8 - Broken Authentication vulnerability discovered by Kim Dvash in WordPress Plugin OAuth Single Sign On - SSO OAuth Client versions = 38.5.8...