13159 matches found
CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...
CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...
CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...
CVE-2026-33757
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...
CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
CVE-2026-4281
The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...
PT-2026-28312
Name of the Vulnerable Software and Affected Versions Coverity Connect affected versions not specified Description The authentication logic in the command line tooling for Coverity Connect is missing an error handler, leading to a potential authentication bypass. An attacker with access to the...
CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
LSC Smart Connect Indoor IP Camera 安全漏洞
LSC Smart Connect Indoor IP Camera is a camera driver developed by LSC Smart Connect. Version 7.6.32 of the LSC Indoor Camera contains a security vulnerability. This vulnerability stems from the lack of verification of the length of the Protocol parameter within the Transport element. It may lead...
Synopsys Coverity Connect 安全漏洞
Synopsys Coverity Connect is a web-based platform provided by Synopsys, Inc. It primarily consists of static code analysis tools and dynamic code analysis tools. Synopsys Coverity Connect has security vulnerabilities; one of these vulnerabilities stems from the identity verification logic in the...
GHSA-PRH4-VHFH-24MJ Harbor: LDAP password and OIDC secret are not redacted in the audit log
Impact Harbor write configuration payload to audit log when configuration change, the ldapsearchpassword and oidcclientsecret will be logged in the audit log without redacted Patches Harbor v2.15.0, v2.14.3, v2.13.5 Workarounds Disable audit log configure event in Harbor Web Console: Go to...
Harbor: LDAP password and OIDC secret are not redacted in the audit log
Impact Harbor write configuration payload to audit log when configuration change, the ldapsearchpassword and oidcclientsecret will be logged in the audit log without redacted Patches Harbor v2.15.0, v2.14.3, v2.13.5 Workarounds Disable audit log configure event in Harbor Web Console: Go to...
CVE-2026-3532
A flaw was found in the Drupal OpenID Connect / OAuth client. This vulnerability, stemming from improper handling of case sensitivity, allows an attacker to escalate their privileges. This could enable an unauthorized user to gain elevated access rights, potentially leading to unauthorized action...
CVE-2026-3530
A flaw was found in the Drupal OpenID Connect / OAuth client. This Server-Side Request Forgery SSRF vulnerability allows a remote attacker to trick the server into making unauthorized requests to internal or external resources. This could lead to the disclosure of sensitive information or enable...
CVE-2026-3531
A flaw was found in Drupal OpenID Connect / OAuth client. This authentication bypass vulnerability allows an attacker to bypass authentication by using an alternate path or channel. This can lead to unauthorized access to resources or functionalities protected by the authentication mechanism...
EUVD-2026-16389
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
EUVD-2026-16385
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
EUVD-2026-16387
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3531
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3530
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...