Lucene search
K

2208 matches found

CVE
CVE
added 5 hours ago5 views

CVE-2026-53515

CVE-2026-53515 : The Better Auth library, specifically the @better-auth/sso plugin, contains a privilege escalation in versions 1.2.10 through 1.6.11. The POST /sso/register endpoint incorrectly allows any organization member to attach a new SSO provider because registerSSOProvider checks only fo...

7.1CVSS6.1AI score0.00028EPSS
Exploits0References4
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-44740

Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new SSO provider to that organization because registerSSOProvider checks only for a membership row a...

7.1CVSS6.1AI score0.00028EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 hours ago4 views

CVE-2026-53513

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00025EPSS
Exploits0References5Affected Software2
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-44733

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00025EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 5 hours ago4 views

CVE-2026-47158

A flaw was found in Vaultwarden, a Bitwarden-compatible server. An unauthenticated attacker could exploit a vulnerability in the Single Sign-On SSO authorization flow. This flaw, caused by improper binding of the OAuth state parameter to the browser session and inadequate cleanup of SSO...

8.3CVSS6AI score0.00031EPSS
Exploits0References2
CVE
CVE
added 7 hours ago12 views

CVE-2026-47164

Vaultwarden (Rust) prior to 1.36.0 has an authentication flaw in its SSO flow: when SSO_SIGNUPS_MATCH_EMAIL=true, an IdP identity can bind to an existing local Vaultwarden account by asserting a victim email, due to checking the IdP email_verified claim only during new-user creation. This could a...

7.7CVSS6.1AI score0.00053EPSS
Exploits0References4
Cvelist
Cvelist
added 7 hours ago9 views

CVE-2026-47164 Vaultwarden: SSO Email Auto-Link Can Bind an Existing Local Account to an Attacker-Controlled IdP Identity

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP emailverified claim only for new-user creation and not when SSOSIGNUPSMATCHEMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled Id...

7.7CVSS0.00053EPSS
Exploits0References4
CVE
CVE
added 7 hours ago10 views

CVE-2026-47159

Vaultwarden (Rust) prior to 1.36.0 is affected by CVE-2026-47159, where the SSO discovery and pre-validation flow exposed organization-related SSO metadata, including organizationIdentifier values for arbitrary email addresses, and allowed obtaining a valid pre-validation JWT with only the discov...

6.9CVSS6.2AI score0.00046EPSS
Exploits0References4
Cvelist
Cvelist
added 7 hours ago11 views

CVE-2026-47159 Vaultwarden: Authentication Flow Information Disclosure in SSO Discovery Allows Organization Enumeration and Pre-Validation Token Exposure

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIdentifier values for arbitrary email addresses and allowed a valid pre-validation JWT to be obtained...

6.9CVSS0.00046EPSS
Exploits0References4
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-44693

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS6.1AI score0.00031EPSS
Exploits0References4
NVD
NVD
added 3 days ago9 views

CVE-2026-56336

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago39 views

CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS0.00276EPSS
Exploits0References2
CVE
CVE
added 3 days ago15 views

CVE-2026-56313

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

7.2CVSS6.1AI score0.00276EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-56336 Capgo - Information Disclosure via Unauthenticated SSO check-domain Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS6.1AI score0.00205EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-43028

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57807 WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS0.00429EPSS
Exploits0References1
CVE
CVE
added 5 days ago25 views

CVE-2026-57807

The CVE-2026-57807 entry concerns miniOrange OAuth Single Sign On - SSO (OAuth Client) for WordPress, affected through version 38.5.8. The vulnerability is an Authentication Bypass via an alternate path or channel (broken authentication), enabling Password Recovery Exploitation. No exploitation d...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-57307

Name of the Vulnerable Software and Affected Versions miniOrange OAuth Single Sign On - SSO OAuth Client versions prior to 38.5.9 Description An authentication bypass exists in the miniOrange OAuth SSO WordPress plugin. An unauthenticated remote attacker can exploit an alternate password-recovery...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References4
Patchstack
Patchstack
added 6 days ago5 views

WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability

WordPress OAuth Single Sign On - SSO OAuth Client plugin = 38.5.8 - Broken Authentication vulnerability discovered by Kim Dvash in WordPress Plugin OAuth Single Sign On - SSO OAuth Client versions = 38.5.8...

9.8CVSS6.1AI score0.00429EPSS
Exploits0Affected Software1
Rows per page
Query Builder