2 matches found
CVE-2026-31946
OpenOLAT OpenID Connect implicit flow (versions 10.5.4–before 20.2.5) does not verify JWT signatures. The JSONWebToken.parse() method discards the signature segment, and getAccessToken() validates only issuer/audience/state/nonce, without cryptographic verification against the IdP’s JWKS. This ca...
Vasion Print 安全漏洞
Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print versions prior to 22.0.843 Application 20.0.1923, which stems from hard-coded IdP keys...