3 matches found
CVE-2026-56223 Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user
Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...
CVE-2026-56223
Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...
PingFederate 6.10.1 SP Endpoints Open Redirect
CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Exploit Title: "Ping Identity Corporation" "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Product: PingFederate 6.10.1...