3 matches found
EUVD-2026-38101
Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...
EUVD-2025-2672
Malicious code in bioql PyPI...
PT-2025-4393 · Uaa · Uaa
Name of the Vulnerable Software and Affected Versions: UAA affected versions not specified Description: The issue concerns a UAA configured with multiple identity zones, where session information is not properly validated across those zones. This allows a user authenticated against a corporate ID...