Lucene search

5 matches found

EUVD
added 7 hours ago | 6 views

EUVD-2026-41732

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8 CVSS | 6.1 AI score
Exploits 0 | References 2

Cvelist
added 2026/05/28 4:20 p.m. | 30 views

CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the email_verified claim from upstream providers; the idp.UserInfo struct does not even...

0.00316 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/04/18 12:0 a.m. | 13 views

PT-2026-37128

Name of the Vulnerable Software and Affected Versions: Nhost versions prior to 0.49.1. Description: Nhost automatically links incoming OAuth identities to existing accounts when email addresses match, provided the email is marked as verified. Several provider adapters fail to correctly populate the...

9.8 CVSS | 5.9 AI score | 0.00809 EPSS
Exploits 1 | References 9

NVD
added 2022/12/02 6:15 p.m. | 29 views

CVE-2022-46145

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

9.8 CVSS | 0.01177 EPSS
Exploits 0 | References 3

Prion
added 2022/12/02 6:15 p.m. | 15 views

Design/Logic Flaw

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

7.5 CVSS | 9.4 AI score | 0.01177 EPSS
Exploits 0 | References 3 | Affected Software 1