14 matches found
DRUPAL-CONTRIB-2026-027
This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate the uniqueness of certain...
PT-2026-23114
Name of the Vulnerable Software and Affected Versions: Drupal OpenID Connect / OAuth client, versions prior to 1.5.0. Description: A flaw exists in the OpenID Connect / OAuth client module that could allow for authentication bypass. Specifically, if a user successfully authenticates with their Identi...
EUVD-2019-4038
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-12428
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in...
UBUNTU-CVE-2024-13041
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...
CVE-2024-38806 - UAA Failure to Remove Shadow User's Access | Cloud Foundry
Severity: LOW. Vendor: CloudFoundry Foundation. Versions Affected: UAA Release v77.10.0 or below. Description: Expected behavior: When UAA is configured to proxy to an external OIDC or SAML provider, and when UAA is configured using the UAA group mapping feature to convert the external provider user...
Authentication flaw
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...
Octopus Server authorization issue vulnerability
Octopus Server is an automated deployment platform. An authorization vulnerability exists in Octopus Server where access rights are managed by an external authentication provider: the API key of a disabled or deleted user may remain valid after access rights have been...
Cloud Foundry UAA Identity Zone Admin Privilege Escalation
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release uaa-release 13.x versions prior to v13.17, 24.x...
GHSA-9FRW-WMVQ-5RRC Cloud Foundry UAA Identity Zone Admin Privilege Escalation
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release uaa-release 13.x versions prior to v13.17, 24.x...
CVE-2021-3461
A flaw was found in keycloak where keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute Name...
Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-016
This module enables you to allow login to Drupal websites through an external provider over the OAuth 2.0 protocol. The module sets a Drupal variable used for redirection based on unsanitised user input, leading to an Open Redirect vulnerability. It also fails to sanitise user input which i...
CVE-2017-8032
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release uaa-release 13.x versions prior to v13.17, 24.x...
Privilege Escalation
CloudFoundry User Account and Authentication UAA is vulnerable to privilege escalation. There is a flaw in mapping permissions for an external provider, allowing Zone administrators to escalate their privileges...