Lucene search
K

343 matches found

OSV
OSV
added 5 days ago3 views

CVE-2026-56666 ZITADEL: Auto-linking by email: IdP-side email verification is not checked

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS6.1AI score0.00189EPSS
Exploits0References5
CVE
CVE
added 5 days ago10 views

CVE-2026-56664

ZITADEL’s external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) did not enforce maximum token age (missing iat) in tokens, allowing arbitrarily old tokens from a trusted issuer to pass authentication. Affected: ZITADEL core platform; vulnerable code path in the JWT IdP...

4.2CVSS6.1AI score0.00203EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-55669

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer iss but not the audience aud claim, allowing a validly signed token from a trusted issuer for another relying party to be accepted ...

4.2CVSS0.00112EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57292

Name of the Vulnerable Software and Affected Versions Logto versions prior to 1.41.0 Description The self-hosted SAML application IdP constructs signed SAML responses and assertions by substituting user-controlled profile attributes, such as name, email, and custom attribute-mapping values, into...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 3:11 p.m.7 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS6AI score0.00142EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/30 12:0 p.m.8 views

CVE-2026-12388

A flaw was found in the Identity Provider IdP mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5CVSS5.6AI score0.00233EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.9 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: kube-arangodb-fips, flux, mods, drone-fips, cilium, crossplane-provider-aws-cloudtrail, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, crossplane-provider-aws-kafka-fips, trivy-fips, gh, zot, crossplane-provider-aws-ec2-fips,...

6.1AI score
Exploits0
CVE
CVE
added 2026/06/24 8:58 p.m.13 views

CVE-2026-46423

Rocket.Chat prior to versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 contains a SAML SP issue where the verifySignatures routine returns early if serviceProviderOptions.cert is falsy, causing silent skip of SAML Response and Assertion signature validation when the IdP certi...

9.3CVSS5.9AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:58 p.m.19 views

CVE-2026-46423 Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response and Assertion signature validation when the configured Id...

9.3CVSS0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 8:52 p.m.8 views

CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS5.3AI score0.00135EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/18 1:52 p.m.6 views

GHSA-G5H5-M4HM-XJRR ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider

Summary An authentication bypass vulnerability was discovered in ZITADEL's external JWT Identity Provider IdP implementation. When validating JSON Web Tokens JWTs from an external provider, ZITADEL properly checks the token's cryptographic signature and issuer iss, but it fails to validate the...

4.2CVSS5.7AI score0.00112EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/18 1:1 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 8:30 p.m.40 views

CVE-2026-42849

The CVE-2026-42849 entryffects authentik, an open-source identity provider. Affected component: SFE (Simple Flow Executor) autosubmit stage, where legacy-browser compatibility logic enabled a reflected XSS. Root cause: XSS in AutosubmitStage enables an attacker to potentially take over an IDP acc...

9.3CVSS5.7AI score0.00355EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/30 8:44 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation through the AuthHelper SSO setup flow in the auth helper pipeline. An attacker can link a Sentry account to a different identity by supplying an IdP assertion email that resolves to another user during provider setup...

9.8CVSS5.8AI score0.00623EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/28 12:31 a.m.6 views

com.jayxu:demo (>=0.10.0 <=0.11.0), com.okta.spring.examples:okta-spring-boot-hosted-code-flow-example (>=3.0.9 <=3.1.0) +8 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=4.0.1 <=4.0.3)

org.springframework.boot:spring-boot-devtools MAVEN version =4.0.1, =0.10.0, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =2.0.0, =2.1.1 - de.tschuehly:spring-view-component-thymeleaf =0.9.1 - io.stereov.singularity:core =1.10.6 - org.flowable:flowable-app-rest =8.0.0 - se.swedenconnect.bankid:bankid-idp =1.3...

7.5CVSS5.8AI score0.00262EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/24 1:28 a.m.8 views

SUSE CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.3AI score0.01051EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:44 p.m.3 views

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.3AI score0.01051EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/22 9:44 p.m.5 views

CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.3AI score0.01051EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/04/15 11:25 p.m.13 views

SUSE CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

7.8CVSS6.1AI score0.01184EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/04/15 2:5 a.m.27 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4CVSS5.8AI score0.01184EPSS
Exploits1
Rows per page
Query Builder