Lucene search
+L

4 matches found

Cvelist
Cvelist
added 3 hours ago6 views

CVE-2026-9103 Unauthenticated Superuser Token Issuance via Auto-Login Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/autologin endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTOLOGIN configuration is enabl...

9.8CVSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/25 2:53 a.m.5 views

CVE-2025-0663

A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...

6.8CVSS7.2AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/23 4:58 p.m.11 views

CVE-2025-0663 Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login

A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...

6.8CVSS0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.4 views

PT-2025-39180

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A cross-tenant authentication issue exists because of a flawed cryptographic design in Adaptive Authentication. A single cryptographic key is used for all tenants to sign authentication...

6.8CVSS6.6AI score0.00226EPSS
Exploits0References5
Rows per page
Query Builder