Lucene search
K

10 matches found

CNNVD
CNNVD
•added 2026/05/20 12:0 a.m.•12 views

MISP ęŽˆęƒé—®é¢˜ę¼ę“ž

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes features for analyzing threats to network security and malware analysis. MISP has an authorization vulnerability;...

6CVSS5.8AI score0.00182EPSS
Exploits0References1
CVE
CVE
•added 2026/04/21 4:32 p.m.•19 views

CVE-2026-40574

CVE-2026-40574 affects OAuth2 Proxy. Affected: deployments using email_domain restrictions. Issue: authorization bypass where an attacker can use a malformed multi-@ email claim (e.g., [email protected]@company.com) to satisfy a company.com domain check, even though the claim is not a valid email...

6.8CVSS5.7AI score0.00209EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
•added 2026/04/21 4:32 p.m.•3 views

CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8CVSS5.7AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/04/21 4:32 p.m.•34 views

CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8CVSS0.00209EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/04/15 12:0 a.m.•5 views

PT-2026-33223

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description An authorization bypass exists within the email domain enforcement option. An attacker can authenticate using a malformed email claim, such as [email protected]@company.com, to satisfy an allow...

6.8CVSS5.8AI score0.00209EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2026/04/03 9:56 p.m.•3 views

CVE-2026-33175 OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email i...

8.8CVSS5.8AI score0.00438EPSS
Exploits0References3
Snyk
Snyk
•added 2026/01/21 10:23 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...

6CVSS5.7AI score0.00303EPSS
Exploits0References2
Github Security Blog
Github Security Blog
•added 2024/01/02 4:40 p.m.•30 views

Hail relies on OIDC email claims to verify the validity of a user's domain.

Impact All Hail Batch clusters are affected. An attacker is able to: 1. Create one or more accounts with Hail Batch without corresponding real accounts in the organization. For example, a user could create a Microsoft or Google account and then change their email to "[email protected]"...

5.3CVSS6.6AI score0.00367EPSS
Exploits0References5Affected Software1
OSV
OSV
•added 2024/01/02 4:40 p.m.•28 views

GHSA-487P-QX68-5VJW Hail relies on OIDC email claims to verify the validity of a user's domain.

Impact All Hail Batch clusters are affected. An attacker is able to: 1. Create one or more accounts with Hail Batch without corresponding real accounts in the organization. For example, a user could create a Microsoft or Google account and then change their email to "[email protected]"...

5.3CVSS4.9AI score0.00367EPSS
Exploits0References5
The Hacker News
The Hacker News
•added 2023/06/21 11:38 a.m.•57 views

Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover

A security shortcoming in Microsoft Azure Active Directory AD Open Authorization OAuth process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubb...

7.2AI score
Exploits0
Rows per page
Query Builder