Lucene search
K

761 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-56666

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-56666 ZITADEL: Auto-linking by email: IdP-side email verification is not checked

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS0.00189EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-56666

ZITADEL before v4.15.3 permits auto-linking by email without confirming IdP ownership of the email. The external IdP handler validates the local email but not that the IdP confirms ownership, enabling linking a permissive provider account to a victim’s local account. This vulnerability is address...

4.8CVSS6.1AI score0.00189EPSS
Exploits0References3
OSV
OSV
added 4 days ago2 views

CVE-2026-56666 ZITADEL: Auto-linking by email: IdP-side email verification is not checked

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS6.1AI score0.00189EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-58494

A flaw was found in Wasmtime, a runtime for WebAssembly. A WebAssembly System Interface WASI guest with a read-only source file capability can exploit this vulnerability. During hard-link creation and renaming operations, the system checks directory permissions but fails to match file permissions...

6.5CVSS5.9AI score0.00119EPSS
Exploits0References12
Veracode
Veracode
added 5 days ago10 views

Improper Authentication

github.com/coder/coder is vulnerable to Improper Authentication. The vulnerability is due to improper OIDC email-based account linking and incorrect handling of the emailverified claim, which allows an attacker to authenticate with a malicious or unverified OIDC identity and take over another...

7.4CVSS6AI score0.00479EPSS
Exploits0References10Affected Software2
OSV
OSV
added last week6 views

CVE-2026-55076 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS6AI score0.00479EPSS
Exploits0References9
NVD
NVD
added last week10 views

CVE-2026-55075

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...

7.4CVSS0.00479EPSS
Exploits0References7
CVE
CVE
added last week14 views

CVE-2026-55075

Coder’s OIDC login flaw leads to account takeover via email-based user matching and improper handling of email_verified. Before versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two issues exist: (1) email-based matching could link by email without confirming an existing link to a different IdP subjec...

7.4CVSS6AI score0.00479EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/07/06 8:52 p.m.7 views

Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass

Summary Two flaws in Coder's OIDC login chained into account takeover: email-based user matching fell back to linking by email without checking for an existing link to a different IdP subject and the emailverified claim was only enforced when present as a boolean false so an absent or non-boolean...

7.4CVSS6AI score0.00479EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/07/06 8:50 p.m.6 views

Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Summary Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string "false" or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based accou...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56065

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description Two flaws in the OIDC login process allow for account takeover. The first issue occurs when email-based us...

7.4CVSS6AI score0.00479EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:34 p.m.8 views

CVE-2026-50132

Budibase is an open-source low-code platform. Prior to 3.39.0, GET /api/chat-links/:instance/:token/handoff is a public endpoint no auth required that performs a permanent, state-changing operation: it binds an external chat identity Slack/Discord/MS Teams to an authenticated Budibase user accoun...

7.3CVSS5.8AI score0.00192EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-50739

A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the tracker-campaigns.php script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to...

4.3CVSS0.00287EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

keycloak: Cross-Session Email Verification Proof Not Bound to Upstream Identity in First-Broker-Login

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

8.1CVSS5.8AI score0.00312EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 4:53 p.m.32 views

CVE-2026-50016 pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...

8.8CVSS0.00326EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52515

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm allows a transitive dependency alias within registry package metadata to include path traversal segments. During the installation process, pnpm utilizes this alias a...

8.8CVSS5.8AI score0.00326EPSS
Exploits1References9
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in binutils

A flaw was discovered in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF Extended Common Object File Format object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code...

7.8CVSS6.3AI score0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:16 p.m.11 views

CVE-2026-34912

A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...

4.3CVSS0.00235EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.8 views

EUVD-2026-38510

A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...

4.3CVSS5.8AI score0.00235EPSS
Exploits2References1
Rows per page
Query Builder