Lucene search

6 matches found

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-3141

Malicious code in bioql PyPI...

3.1 CVSS, 6.3 AI score, 0.0032 EPSS
Exploits 0, References 4
RedhatCVE
added 2025/05/23 8:25 a.m., 19 views

CVE-2024-49755

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api endpoints even...

3.1 CVSS, 6.8 AI score, 0.0032 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/23 7:28 a.m., 16 views

CVE-2024-39694

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it t...

4.7 CVSS, 6.6 AI score, 0.00504 EPSS
Exploits 0
NVD
added 2024/07/31 4:15 p.m., 71 views

CVE-2024-39694

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it t...

4.7 CVSS, 0.00504 EPSS
Exploits 0, References 6
CVE
added 2024/07/31 3:44 p.m., 112 views

CVE-2024-39694

Duende.IdentityServer (OpenID Connect/OAuth 2.x framework for ASP.NET Core) is affected by CVE-2024-39694, an Open Redirect vulnerability. The issue arises when GetAuthorizationContextAsync and IsValidReturnUrl may return non-null or true for malicious URLs, allowing a redirect to an untrusted si...

4.7 CVSS, 6.9 AI score, 0.00504 EPSS
Exploits 0, References 6
OSV
added 2024/07/31 3:44 p.m., 26 views

CVE-2024-39694 Duende IdentityServer Open Redirect vulnerability

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it t...

4.7 CVSS, 6.2 AI score, 0.00504 EPSS
Exploits 0, References 8