
NVD
added 2026/05/08 10:16 p.m. · 7 views

CVE-2026-42206

Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never...

CVSS 7.1 · EPSS 0.00024
Exploits 0 · References 1

EUVD
added 2026/03/25 6:31 p.m. · 0 views

EUVD-2026-15805

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

CVSS 5.7 · AI score 5.9 · EPSS 0.00037
Exploits 0 · References 2

ATTACKERKB
added 2026/03/25 4:28 p.m. · 2 views

CVE-2026-27656

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

CVSS 5.7 · AI score 5.9 · EPSS 0.00037
Exploits 0 · References 2 · Affected Software 1

CVE
added 2026/03/07 7:22 a.m. · 13 views

CVE-2026-1824

The Infomaniak Connect for OpenID WordPress plugin is vulnerable to Stored XSS via the endpoint_login parameter of the infomaniak_connect_generic_auth_url shortcode in all versions up to 1.0.2. Exploitation requires authenticated access at Contributor level or higher, enabling injection of script...

CVSS 6.4 · AI score 5.9 · EPSS 0.00043
Exploits 0 · References 3

Vulnrichment
added 2026/03/07 7:22 a.m. · 1 view

CVE-2026-1824 Infomaniak Connect for OpenID <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'endpoint_login' parameter of the infomaniak_connect_generic_auth_url shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes...

CVSS 6.4 · AI score 5.9 · EPSS 0.00043
Exploits 0 · References 3

OSV
added 2026/02/26 10:14 p.m. · 4 views

CVE-2026-27638 ActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user mode

Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user mode OpenID, the sync API endpoints /sync/ don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budge...

CVSS 7.1 · AI score 5.9 · EPSS 0.00039
Exploits 1 · References 5

Positive Technologies
added 2023/12/14 12:00 a.m. · 3 views

PT-2023-17328 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue allows the OpenID client secret to be logged in clear text during the configuration of the server. Recommendations: At the moment, there is no information about a newer...

CVSS 7.5 · AI score 6.8 · EPSS 0.00248
Exploits 0 · References 6

Positive Technologies
added 2022/12/25 12:00 a.m. · 2 views

PT-2022-28048 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue concerns the exposure of sensitive user information, including names, email, role, and OpenID, to an authenticated user. This is due to improper removal of sensitive information...

CVSS 8.1 · AI score 6.4 · EPSS 0.00341
Exploits 1 · References 13

NVD
added 2021/06/02 1:15 p.m. · 12 views

CVE-2020-14380

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source SSO or Open ID can claim the privileges of already existing local users of Satellite...

CVSS 7.5 · EPSS 0.00319
Exploits 0 · References 1

CVE
added 2021/06/02 12:27 p.m. · 123 views

CVE-2020-14380

CVE-2020-14380 affects Red Hat Satellite 6.7.2 and later, enabling account takeover via SSO/OpenID authentication to claim privileges of existing local users. Connected Red Hat advisories confirm Satellite 6.8 release fixes this issue (and related CVEs) and provide update/patch context. Practical...

CVSS 7.5 · AI score 7.4 · EPSS 0.00319
Exploits 0 · References 1 · Affected Software 1