Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

OSV
OSVadded 2025/11/12 9:27 p.m.6 views

GHSA-39HR-239P-FHQC OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed

Summary If the "claimsparametersupported" parameter is activated, it is possible through the "oidc-claims-extension.groovy" script, to inject the value of choice into a claim contained in the idtoken or in the userinfo. Authorization function requests do not prevent a claims parameter containing ...

9.3CVSS6.8AI score0.00288EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2025/11/12 12:0 a.m.6 views

PT-2025-46699

Name of the Vulnerable Software and Affected Versions Open Access Management OpenAM versions prior to 16.0.0 Description Open Access Management OpenAM contains a flaw where, if the claims parameter supported parameter is enabled, the "oidc-claims-extension.groovy" script allows injection of...

9.3CVSS7.1AI score0.00288EPSS
Exploits0References8
Rows per page
Query Builder