14 matches found
EUVD-2026-31134
A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...
PT-2026-28078
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...
CVE-2026-27804 Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with alg: "none" to log in as any user linked to a Google account, without knowing...
BIT-MOODLE-2024-45690 Moodle: IDOR when deleting OAuth2 linked accounts
A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts...
Moodle IDOR when deleting OAuth2 linked accounts
A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts...
CVE-2024-45690
A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts...
UBUNTU-CVE-2024-45690
A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts...
CVE-2024-45690
CVE-2024-45690 affects Moodle and concerns an IDOR when deleting OAuth2-linked accounts. The connected sources describe a flaw where additional checks are needed to ensure users can only delete their own OAuth2-linked accounts, indicating insufficient authorization checks in the relevant Moodle f...
Moodle security vulnerability
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the need to perform additional checks to ensure that users can onl...
PT-2023-22455 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad versions 5.3.x through 5.3.x Description: The issue allows an authenticated attacker to gain information about linked accounts of users involved in their tickets using the Zammad API. This is due to Incorrect Access Control...
Stripe: [Broken Access Control] Unauthorized Linking accounts & Linked Accounts info Disclosure
@mrasg discovered that users of an account with member permissions were improperly allowed to see activated linked accounts and connect new carts to the account. I discovered a vulnerability that allows the user who has member privileges to connect new carts to the Taxjar account, like...
Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed
A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was...
Rockstar Games: Social Club Account Takeover Via RGL And Steam/Epic Linked Account
In this report, the researcher discovered and demonstrated a method to hijack access to a Social Club account via a previously-linked Epic Games or Steam account. To perform the attack, the attacker first needed access to a Steam or Epic Games account with entitlement to a game with Social Club...
Dashlane: Missing Access Control (IDOR) To Know LinkedAccounts
Hello Team, while digging into your application I came to an endpoint where I was able to check whether an email has been used in multiple accounts or not, and also emails are getting leaked. You have a feature to enter an email to get a token: F105969 As you can see from the above screenshot, I'm logged in a...