Lucene search
K

50 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-14612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out- of-bounds memory access when processing an oversized...

4.2CVSS6AI score0.00142EPSS
Exploits0References4
CVE
CVE
added 5 days ago18 views

CVE-2026-14612

The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...

4.2CVSS6AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago42 views

CVE-2026-14612 Freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during oauth2 device authorization

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50738

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.11.0 ZITADEL versions 3.0.0 through 3.4.11 Description An authentication bypass exists in the external JWT Identity Provider IdP implementation. While the system validates the cryptographic signature and the...

4.2CVSS5.9AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2026-6736

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 10:16 p.m.14 views

CVE-2026-6736

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.5CVSS0.00266EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/07 9:14 p.m.14 views

CVE-2026-6736 Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/07 9:14 p.m.12 views

CVE-2026-6736

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/07 9:14 p.m.38 views

CVE-2026-6736 Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.3CVSS0.00266EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38588

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An authentication bypass allows an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication is enable...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References9
NVD
NVD
added 2026/05/04 2:16 p.m.29 views

CVE-2026-6266

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS0.00397EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/04 1:47 p.m.5 views

CVE-2026-6266 Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS5.8AI score0.00397EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/04 1:47 p.m.9 views

EUVD-2026-26967

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS5.8AI score0.00397EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.8 views

PT-2026-25968

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A security bypass exists in Keycloak where a remote attacker can circumvent security measures by submitting a valid Security Assertion Markup Language SAML response from an external Identity...

8.1CVSS5.8AI score0.00413EPSS
Exploits0References17
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability. This vulnerability arises when the preview feature of JWT authorization is enabled, and the user account is disabled. During the processing of JWT authorization,...

5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.4 views

CVE-2026-25519

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

9.8CVSS5.3AI score0.00492EPSS
Exploits0References1
NVD
NVD
added 2026/02/04 9:16 p.m.11 views

CVE-2026-25519

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

9.8CVSS0.00492EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/04 8:50 p.m.2 views

CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

8.1CVSS5.3AI score0.00492EPSS
Exploits0References4
CVE
CVE
added 2026/02/04 8:50 p.m.16 views

CVE-2026-25519

OpenSlides prior to version 4.2.29 contains an authentication access-control flaw in the login flow for users synced via external IDPs (SAML). The issue allows a local login using a SAML username paired with a trivial password, effectively granting access to all SAML-linked accounts. The root cau...

9.8CVSS5.3AI score0.00492EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:50 p.m.6 views

CVE-2026-25519

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

8.1CVSS5.3AI score0.00492EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder