Lucene search
K

22 matches found

OSV
OSV
added 2026/07/07 6:25 a.m.5 views

MAL-2026-6910 Malicious code in zluri-ad-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 6:25 a.m.7 views

Malicious code in zluri-ad-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...

6AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2025-19634

Malicious code in bioql PyPI...

9CVSS6.6AI score0.00446EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2025-19636

Malicious code in bioql PyPI...

5.7CVSS6.6AI score0.00134EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/03 3:23 p.m.9 views

CVE-2025-34063

A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary user...

10CVSS7.5AI score0.00535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/03 3:22 p.m.18 views

CVE-2025-34062

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...

5.7CVSS6.6AI score0.00134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/03 3:22 p.m.14 views

CVE-2025-34064

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...

9CVSS7AI score0.00446EPSS
Exploits0References1
NVD
NVD
added 2025/07/01 3:15 p.m.28 views

CVE-2025-34064

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...

9CVSS0.00446EPSS
Exploits0References3
NVD
NVD
added 2025/07/01 3:15 p.m.34 views

CVE-2025-34062

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...

5.7CVSS0.00134EPSS
Exploits0References3
CVE
CVE
added 2025/07/01 2:49 p.m.46 views

CVE-2025-34064

OneLogin AD Connector is affected by a cloud infrastructure misconfiguration that sends log data to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers an unclaimed bucket can receive log files from other tenants, potentially exposin...

9CVSS6.3AI score0.00446EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/01 2:49 p.m.9 views

CVE-2025-34064 OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...

9CVSS6.3AI score0.00446EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/01 2:49 p.m.31 views

CVE-2025-34064 OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...

9CVSS0.00446EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/01 2:49 p.m.6 views

CVE-2025-34063 OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key

A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary user...

10CVSS6.8AI score0.00535EPSS
Exploits0References3
CVE
CVE
added 2025/07/01 2:49 p.m.39 views

CVE-2025-34063

CVE-2025-34063 affects OneLogin AD Connector prior to 6.1.5. The root cause is exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint, enabling an attacker to forge valid JWT tokens and impersonate arbitrary users across the OneLogin tenant, granting access to the O...

10CVSS6.8AI score0.00535EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/01 2:49 p.m.18 views

CVE-2025-34063 OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key

A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary user...

10CVSS0.00535EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/01 2:49 p.m.5 views

CVE-2025-34062 OneLogin AD Connector API Credential and Signing Key Exposure

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...

5.7CVSS5.9AI score0.00134EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/01 2:49 p.m.37 views

CVE-2025-34062 OneLogin AD Connector API Credential and Signing Key Exposure

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...

5.7CVSS0.00134EPSS
Exploits0References3
CVE
CVE
added 2025/07/01 2:49 p.m.27 views

CVE-2025-34062

The CVE affects OneLogin AD Connector before 6.1.5. A vulnerability exists in the /api/adc/v4/configuration endpoint where a valid directory_token (potentially obtainable from host registry keys or insecure logs) can yield a plaintext response that exposes sensitive credentials, including API key...

5.7CVSS5.9AI score0.00134EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/01 12:0 a.m.5 views

PT-2025-27550 · Onelogin · Onelogin Ad Connector

Name of the Vulnerable Software and Affected Versions: OneLogin AD Connector versions prior to 6.1.5 Description: An information disclosure issue exists via the "/api/adc/v4/configuration" endpoint. An attacker with access to a valid directory token can retrieve a plaintext response disclosing...

5.7CVSS6.1AI score0.00134EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.5 views

One Identity OneLogin AD Connector 安全漏洞

One Identity OneLogin AD Connector is a connector software from One Identity USA. A security vulnerability exists in the One Identity OneLogin AD Connector that stems from a misconfiguration of the cloud infrastructure leading to log data leakage...

9CVSS6.6AI score0.00446EPSS
Exploits0References4
Rows per page
Query Builder