Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/23 6:11 p.m.35 views

CVE-2026-54320 Daytona: Cross-tenant organization takeover via invitation acceptance with an unverified email

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

8.4CVSS0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 6:11 p.m.16 views

CVE-2026-54320

CVE-2026-54320 refers to Daytona’s cross-tenant takeover vulnerability prior to version 0.184.0. The issue allowed an unverified email that matched an invitation’s target to accept it (or decline) and join the target organization, since invitation acceptance/declination did not require email veri...

8.4CVSS6.2AI score0.00215EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/09 8:37 p.m.5 views

org.keycloak.services.resources.organizations: Keycloak: Unauthorized organization registration via improper invitation token validation

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token JWT payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an...

8.1CVSS5.8AI score0.00453EPSS
Exploits2References4
Hacker One
Hacker One
added 2024/09/16 10:7 a.m.5 views

HackerOne: Issue with VDP Program's Transition to Private Status and Missing Warning Labels on ORG Invitation

Vulnerability description not provided...

7.1AI score
Exploits0
Rows per page
Query Builder