Lucene search
K

13850 matches found

BDU FSTEC
BDU FSTEC
added 20 minutes ago10 views

Blitz Identity Provider (Authentication server)

...

5.8AI score
Exploits0
Nuclei
Nuclei
added 9 hours ago55 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7.1AI score0.02572EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago27 views

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery SSRF due to insufficient restriction of the requesturi parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

8.2CVSS7.3AI score0.06139EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday30 views

FortiOS - Insecure LDAP Configuration Detection

The FortiGate LDAP configuration was detected to be insecure due to missing ca-cert, secure LDAPS, or server-identity-check, potentially exposing LDAP communications to credential interception or man-in-the-middle attacks under specific network conditions. id: CVE-2019-5591 info: name: FortiOS -...

6.5CVSS6.9AI score0.18566EPSS
Exploits1References2
CVE
CVE
added 2 days ago10 views

CVE-2024-1248

The CVE-2024-1248 entry describes a vulnerability in federated authentication that uses silent JIT provisioning. When a federated user shares a username with a local user, the provisioning process can overwrite the local user’s existing roles with roles from the federated IDP, effectively enablin...

4.8CVSS5.9AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2024-55648

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS5.9AI score0.00205EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago25 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System

Summary Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-35154 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to...

8.8CVSS7.7AI score0.01163EPSS
Exploits0Affected Software2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41554

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS6AI score0.00142EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS5.9AI score0.00142EPSS
Exploits0References3
CVE
CVE
added 3 days ago15 views

CVE-2026-14612

The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...

4.2CVSS6AI score0.00142EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago22 views

VMware Workspace ONE Access - Authentication Bypass

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. id: CVE-2022-22956...

9.8CVSS7.4AI score0.50694EPSS
Exploits5References4
Nuclei
Nuclei
added 3 days ago80 views

WSO2 - Cross-Site Scripting

WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0,...

6.1CVSS6.3AI score0.40481EPSS
Exploits5References5
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-37817

Steeltoe's static JWKS cache shared across schemes and never invalidated...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS0.00464EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS5.9AI score0.00464EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41412

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS5.9AI score0.00464EPSS
Exploits0References7
Debian CVE
Debian CVE
added 4 days ago4 views

CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS5.9AI score0.00464EPSS
Exploits0
OSV
OSV
added 4 days ago3 views

GHSA-MGQ6-VR84-7M2J OpenClaw: QQBot native approval buttons did not enforce configured approver identity

Summary OpenClaw's QQBot channel can deliver native approval buttons for exec and plugin approvals. In affected releases, the button callback path resolved approvals without enforcing the configured QQBot approver identity. The text command approval path used the authorization check; the issue wa...

8CVSS5.8AI score0.00199EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-53328

A flaw was found in the Linux kernel's schedext component. When systemd's user manager interacts with subtreecontrol while schedext is loaded, a warning can be triggered. This occurs due to a mismatch in how cgroup and css identities are handled during task migration, potentially leading to syste...

5.7AI score0.00168EPSS
Exploits0References4
NVD
NVD
added 5 days ago5 views

CVE-2026-13228

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference IDOR in the createorupdate function of OsOrdersController, whi...

8.8CVSS0.00309EPSS
Exploits0References7
Rows per page
Query Builder