Lucene search
K

2688 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 7:41 p.m.12 views

CVE-2026-59096

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS5.8AI score0.00246EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/07/02 7:41 p.m.11 views

EUVD-2026-41427

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS5.8AI score0.00246EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 7:41 p.m.2 views

CVE-2026-59096 Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS6AI score0.00246EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 10:16 a.m.7 views

CVE-2026-14336

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...

8.2CVSS0.00321EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:29 a.m.9 views

CVE-2026-14336

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...

8.2CVSS6AI score0.00321EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:29 a.m.8 views

EUVD-2026-41259

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...

8.2CVSS6AI score0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 8:29 a.m.14 views

CVE-2026-14336

The connected documents confirm CVE-2026-14336 affects PIA’s OIDC issuer allowlist for Jenkins tokens. The issue is a faulty host-bounded URL validation: issuer.startswith(' https://ci.eclipse.org ') is used in is_issuer_known (pia/models.py:139) instead of properly validating the issuer as a hos...

8.2CVSS6AI score0.00321EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/02 1:11 a.m.7 views

[SECURITY] Fedora 43 Update: opkssh-0.14.0-3.fc43

OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like aliceaexample.com ins tead of long-lived SSH keys...

9.1CVSS5.8AI score0.00533EPSS
Exploits0
Fedora
Fedora
added 2026/07/02 1:11 a.m.7 views

[SECURITY] Fedora 44 Update: opkssh-0.14.0-3.fc44

OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like aliceaexample.com ins tead of long-lived SSH keys...

9.1CVSS5.8AI score0.00533EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-54948

Name of the Vulnerable Software and Affected Versions PIA affected versions not specified Description The OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check instead of validating the issuer as a properly host-bounded URL. This allows an attacker to bypass the check using a...

8.2CVSS6.1AI score0.00321EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-340 Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID

Impact When Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...

9.1CVSS5.8AI score0.00857EPSS
Exploits0References6
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/29 12:0 a.m.11 views

SimpleHelp Authentication Bypass Vulnerability

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacke...

10CVSS5.9AI score0.0116EPSS
In wildExploits1
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5557 Note Mark: OIDC-registered users authenticated by submitting password "null" in github.com/enchant97/note-mark/backend

Note Mark: OIDC-registered users authenticated by submitting password "null" in github.com/enchant97/note-mark/backend...

9.4CVSS5.8AI score0.00296EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5423 OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset in github.com/openfga/openfga

OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset in github.com/openfga/openfga...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.8AI score0.00295EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.6 views

org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: Security flaw in org.keycloak/keycloak-services

A flaw was found in Keycloak. When both realm-level and client-level notBefore revocation policies are configured, Keycloak's OpenID Connect OIDC Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially...

5.4CVSS5.7AI score0.00281EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

keycloak-rhel9: Organization Data Leak After Feature Disabled in Keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS5.7AI score0.00214EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.11 views

CVE-2026-54588

A flaw was found in Poweradmin, a web-based DNS administration tool. An unauthenticated attacker can exploit this vulnerability by manipulating the HTTPHOST request header. This manipulation allows the attacker to poison the redirecturi used in the OpenID Connect OIDC, Security Assertion Markup...

9.6CVSS5.8AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 11:14 p.m.5 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the construction of callback URLs in OIDC, SAML, and logout authentication flows using the attacker-controlled HTTPHOST header. An attacker can intercept authorization codes or session tokens by manipulating the...

9.6CVSS5.8AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 10:9 p.m.29 views

CVE-2026-54588

Poweradmin (for PowerDNS) is affected by a Host Header Injection vulnerability in auth flows. Versions prior to 4.2.4 and 4.3.3 use the HTTP_HOST header as the authoritative source for building OIDC redirect_uri, SAML ACS/SLO URLs, and logout redirects without validation. An unauthenticated attac...

9.6CVSS6AI score0.00312EPSS
Exploits0References3
Rows per page
Query Builder