1047 matches found
CVE-2026-57213
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqfederationmanagement plugin renders the consumertag field on the Federation Status page without HTML escaping, allowing a user who can configure a federation upstream or policy to execute...
CVE-2026-57213
RabbitMQ’s rabbitmq_federation_management plugin is vulnerable to stored XSS on the Federation Status page because consumer_tag is rendered without HTML escaping. Prior to the fixed releases (3.13.14, 4.0.19, 4.1.10, 4.2.5), a user who can configure a federation upstream or policy could inject co...
EUVD-2026-42952
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...
CVE-2026-58593
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...
CVE-2026-58593 NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...
CVE-2026-58593
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...
CVE-2026-58593
NodeBB is affected by CVE-2026-58593 where inbound ActivityPub objects are not correctly bound to the authenticated remote actor. The middleware verifies the HTTP-signature actor and origin of object.id but does not validate that attributedTo corresponds to the sender, treating attributedTo as a ...
CVE-2026-58593 NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...
EUVD-2026-41131
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...
CVE-2026-58593 NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...
PT-2026-54922
Name of the Vulnerable Software and Affected Versions NodeBB affected versions not specified Description NodeBB fails to bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. While the inbound middleware verifies the HTTP-signature actor and the origin of the...
GHSA-48PQ-2XQ3-C2M4 CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo issuer bug,...
PT-2026-51078
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML token validation in the SamlSecurityTokenHandler does not enforce SubjectConfirmation method URIs or holder-of-key proof keys. This allows an attacker to...
CVE-2026-6961
Mattermost CVE-2026-6961 affects Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, and 10.11.x <= 10.11.15/10.11.x
CVE-2026-6961 CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations...
CVE-2026-6961 CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations...
BIT-AUTHENTIK-2026-41569 authentik: WS-Federation wreply origin bypass can exfiltrate signed login responses to attacker-controlled endpoints
authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...
CVE-2026-41569
authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...
CVE-2026-41569
authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...
EUVD-2026-34025
authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...