
8 matches found

RedhatCVE
added 2026/05/29 8:13 p.m. | 10 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

CVSS 5.3 | AI score 5.9 | EPSS 0.0029
Exploits 0 | References 1
NVD
added 2026/05/28 5:16 p.m. | 10 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

CVSS 5.3 | EPSS 0.0029
Exploits 0 | References 1
ATTACKERKB
added 2026/05/28 4:19 p.m. | 8 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

AI score 5.9 | EPSS 0.0029
Exploits 0 | References 2
Cvelist
added 2026/05/28 4:19 p.m. | 28 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

EPSS 0.0029
Exploits 0 | References 1
CVE
added 2026/05/28 4:19 p.m. | 12 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social-login binding flow that bypasses MFA. The binding-rule path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable, so users authenticating through this path are logged in without MFA enforcement...

CVSS 5.3 | AI score 5.9 | EPSS 0.0029
Exploits 0 | References 1
CERT
added 2026/05/28 12:0 a.m. | 9 views

Casdoor contains multiple authentication bypass and access management vulnerabilities

Overview: Casdoor versions 2.362.0 and earlier contain several identity and access management vulnerabilities that enable broad authentication bypass and privilege escalation. These flaws relate to Casdoor’s Security Assertion Markup Language (SAML) processing, account binding, and token exchange...

CVSS 9.8 | AI score 5.9 | EPSS 0.00378
Exploits 0
Veracode
added 2022/02/12 12:41 a.m. | 25 views

Privilege Escalation

Keycloak is vulnerable to privilege escalation. The vulnerability exists due to a flaw in the default ECP binding flow which allows other authentication flows to be bypassed...

CVSS 6.8 | AI score 4 | EPSS 0.00843
Exploits 0 | References 7 | Affected Software 1
CNNVD
added 2022/01/18 12:0 a.m. | 5 views

Red Hat Keycloak Authorization Issue Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from the default ECP binding flow that allows bypassing other authentication...

CVSS 6.8 | AI score 6.7 | EPSS 0.00843
Exploits 0 | References 10