CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/20 4:13 p.m.•34 views

CVE-2026-9087 Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

6.4CVSS0.00029EPSS

Vulnrichment•added 2026/05/20 4:13 p.m.•3 views

CVE-2026-9087 Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login

6.4CVSS5.8AI score0.00029EPSS

CVE•added 2026/05/20 4:13 p.m.•6 views

CVE-2026-9087

CVE-2026-9087 : In Keycloak, the cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity actually verified, allowing a second upstream account on the same IdP to be linked to the victim’s local account. Affected component: Keycloak auth...

8.1CVSS5.8AI score0.00029EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/05/20 4:12 p.m.•3 views

CVE-2026-9087

8.1CVSS5.7AI score0.00029EPSS

Exploits0References3

Cvelist•added 2026/05/20 2:22 p.m.•29 views

CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations

6CVSS0.0003EPSS

Vulnrichment•added 2026/05/20 2:22 p.m.•4 views

CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations

CVE•added 2026/05/20 2:22 p.m.•5 views

CVE-2026-9084

MISP OIDC authentication plugin is affected. The issue allows automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account has no stored sub value. Under insecure/untrusted IdP configurations where email ownership isn’t enforced, an attac...

EUVD•added 2026/05/20 2:22 p.m.•4 views

EUVD-2026-31123

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Fork: Defer linking of vma until vma is fully initialized. Thorvald reported a WARNING 1. The root cause of the issue lies in a race condition: CPU 1 CPU 2 fork hugetlbfsfallocate dupmmap hugetlbfspunchhole...

7.8CVSS6.4AI score0.00011EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в firefox, thunderbird

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking, violating the WebAuthn goals. This vulnerability affect...

6.5CVSS7AI score0.00357EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: serial: Fixed the race condition where tty-port wasn’t set. The commit bfc467db60b7 “serial: removed redundant ttyportlinkdevice” was reverted because ttyportlinkdevice isn’t redundant. We need to configure tty-port before callin...

4.7CVSS5.7AI score0.00015EPSS

CNNVD•added 2026/05/20 12:0 a.m.•4 views

MISP 授权问题漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes features for analyzing threats to network security and malware analysis. MISP has an authorization vulnerability;...

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42199

6.4CVSS5.8AI score0.00029EPSS

Exploits0References3

CNNVD•added 2026/05/14 12:0 a.m.•3 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...

8.2CVSS5.9AI score0.00069EPSS

Exploits1References2

SUSE CVE•added 2026/05/13 2:21 p.m.•2 views

SUSE CVE-2026-44166

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

7.6CVSS5.7AI score0.00035EPSS

Exploits0References3

CVE•added 2026/05/12 5:16 p.m.•8 views

CVE-2026-44166

PocketBase suffers an account pre-hijacking vulnerability via OAuth2 unverfied→verified autolinking. An attacker who knows a victim’s email can pre-create and link an unverified PocketBase user by authenticating with an OAuth2 provider (e.g., A). When the victim later signs up with a different pr...

7.6CVSS5.7AI score0.00035EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/11 9:11 p.m.•26 views

CVE-2026-44695 Outline: Slack OAuth state can link a victim Outline account to an attacker Slack identity

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...

5.8CVSS0.00017EPSS

Exploits1References1

ATTACKERKB•added 2026/05/11 2:35 p.m.•2 views

CVE-2026-7819

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00045EPSS