Lucene search
+L

1328 matches found

Tenable Nessus
Tenable Nessus
added 2 days ago5 views

Fedora 44 : roundcubemail (2026-517daa8d64)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-517daa8d64 advisory. Release 1.7.2 - Add HEAD request handler to the static.php - Fix so the oauthpasswordclaim claim is retrieved via token or userinfo request 9631 - F...

10CVSS6.2AI score0.00276EPSS
Exploits0References7
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44689

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS6.1AI score0.00247EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-61452

The Grav API plugin getgrav/grav-plugin-api before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti JWT ID claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime...

6.9CVSS0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS0.00338EPSS
Exploits1References2
NVD
NVD
added 4 days ago5 views

CVE-2026-45069

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

9.1CVSS0.00232EPSS
Exploits0References4
CVE
CVE
added 4 days ago43 views

CVE-2026-45069

CVE-2026-45069 concerns Symfony’s OidcTokenHandler, where verifyClaims() registered aud/iss/exp checkers but did not pass the mandatory claims list to ClaimCheckerManager::check(). Consequently, a validly signed JWT missing these claims could pass verification. The issue is fixed in Symfony relea...

9.1CVSS6.1AI score0.00232EPSS
Exploits0References4Affected Software1
OSV
OSV
added 4 days ago3 views

CVE-2026-45069 Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References6
NVD
NVD
added 4 days ago7 views

CVE-2026-55954

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS0.00411EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago23 views

CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS0.00411EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 5:50 p.m.14 views

CVE-2026-59151

Prowler (cloud security platform) had a SAML authentication flow flaw prior to version 5.30.3 where the tenant was determined by the asserted email domain in the SAMLResponse rather than the validated SAML configuration. The ACS finish logic recalculated the tenant from user.email, enabling an au...

9.6CVSS6.1AI score0.00296EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 5:22 p.m.15 views

CVE-2026-56665

ZITADEL's external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) does not enforce expiration when an incoming token omits the exp claim, causing tokens from trusted issuers to be treated as valid without an automatic expiration window. Affected releases: 3.0.0-rc.1 thro...

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.3 views

apache-cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: Apache CXF: Token Confusion/Routing attacks due to improper validation of JWT audience claims

A flaw was found in Apache CXF. The JwtAccessTokenValidator class fails to properly validate the 'aud' Audience claims within incoming JSON Web Token JWT access tokens. This vulnerability allows an attacker to reuse a JWT, originally intended for one resource server, against a different resource...

9.1CVSS5.9AI score0.00445EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/09 3:27 p.m.7 views

CVE-2026-59208

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/09 3:27 p.m.7 views

EUVD-2026-42610

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References3
CVE
CVE
added 2026/07/09 3:27 p.m.25 views

CVE-2026-59208

CVE-2026-59208 affects n8n, an open-source workflow automation platform. Vulnerability: when an n8n instance is configured with more than one trusted token-exchange issuer, it could resolve external identities to local accounts using only the JWT sub claim and ignore the iss claim. This allows an...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/09 3:27 p.m.3 views

CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS6.1AI score0.00143EPSS
Exploits0References5
Veracode
Veracode
added 2026/07/09 8:18 a.m.10 views

Improper Authentication

github.com/coder/coder is vulnerable to Improper Authentication. The vulnerability is due to improper OIDC email-based account linking and incorrect handling of the emailverified claim, which allows an attacker to authenticate with a malicious or unverified OIDC identity and take over another...

7.4CVSS6AI score0.00479EPSS
Exploits0References10Affected Software2
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.7 views

PT-2026-56887

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.10.0 Description In the backend/open webui/routers/terminals.py file, the ws terminal upstream URL is constructed using an unencoded session id and appends user id as a query parameter. This allows for query...

8CVSS6.1AI score0.00286EPSS
Exploits0References9
NVD
NVD
added 2026/07/08 9:16 p.m.6 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 8:21 p.m.6 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
Rows per page
Query Builder