2001 matches found

EUVD
added yesterday, 4 views

EUVD-2024-55648

The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

CVSS 4.8, AI score 5.9
Exploits: 0, References: 1

CVE
added yesterday, 7 views

CVE-2024-1248

The CVE-2024-1248 entry describes a vulnerability in federated authentication that uses silent JIT provisioning. When a federated user shares a username with a local user, the provisioning process can overwrite the local user’s existing roles with roles from the federated IdP, effectively enablin...

CVSS 4.8, AI score 5.9
Exploits: 0, References: 1

Nuclei
added yesterday, 45 views

Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure

Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories. Template header as indexed:

    id: CVE-2020-27361
    info:
      name: Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure
      author: gy741
      severity: high
      description: Akkadian Provisioning Manager 4.50.0...

CVSS 7.5, AI score 7.1, EPSS 0.06714
Exploits: 0, References: 2

EUVD
added 2 days ago, 6 views

EUVD-2026-41442

Server-side request forgery (SSRF) in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...

CVSS 9.9, AI score 5.8, EPSS 0.00644
Exploits: 0, References: 2

ATTACKERKB
added 3 days ago, 4 views

CVE-2026-57100

Server-side request forgery (SSRF) in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...

CVSS 9.9, AI score 5.8, EPSS 0.00644
Exploits: 0, References: 2

CVE
added 3 days ago, 14 views

CVE-2026-57100

Technical details on affected products/versions, root cause, exploit scenarios, or mitigations are not publicly provided in the supplied documents. Monitor official sources for updates.

CVSS 9.9, AI score 5.8, EPSS 0.00644
Exploits: 0, References: 1

Cvelist
added 3 days ago, 26 views

CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability

...

CVSS 9.9, EPSS 0.00644
Exploits: 0, References: 1

Positive Technologies
added 3 days ago, 5 views

PT-2026-55321

Name of the Vulnerable Software and Affected Versions: Microsoft Entra Provisioning Service SyncFabric (affected versions not specified)
Description: Server-side request forgery (SSRF) in the Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a...

CVSS 9.9, AI score 5.9, EPSS 0.00644
Exploits: 0, References: 5

RedHat Linux
added 6 days ago, 5 views

Moderate: Red Hat Security Advisory: mod_md security update

An update for mod_md is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.3, AI score 7, EPSS 0.00628
Exploits: 0, References: 2

NVD
added 2026/06/22 7:16 p.m., 12 views

CVE-2026-11834

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

CVSS 8.7, EPSS 0.00409
Exploits: 1, References: 8

Cvelist
added 2026/06/22 5:53 p.m., 33 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

CVSS 8.7, EPSS 0.00409
Exploits: 1, References: 8

NVD
added 2026/06/20 1:16 a.m., 13 views

CVE-2026-56215

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...

CVSS 8.7, EPSS 0.00228
Exploits: 0, References: 2

EUVD
added 2026/06/20 12:14 a.m., 8 views

EUVD-2026-38101

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...

CVSS 8.7, AI score 6, EPSS 0.00228
Exploits: 0, References: 2

CVE
added 2026/06/20 12:14 a.m., 32 views

CVE-2026-56215

Capgo before 12.128.12 is vulnerable: authenticated users can modify their public.users.email, which the SSO provisioning endpoint trusts as an account-merge key, enabling an attacker to merge a victim’s SSO identity into their own account. Affected component: provisioning/SSO merge logic manipul...

CVSS 8.7, AI score 6, EPSS 0.00228
Exploits: 0, References: 2

Positive Technologies
added 2026/06/20 12:00 a.m., 16 views

PT-2026-51045

Name of the Vulnerable Software and Affected Versions: Capgo versions prior to 12.128.12
Description: Authenticated users can modify the mutable public.users.email variable to arbitrary addresses. The SSO provisioning endpoint trusts this value as an account-merge key. This allows an attacker to...

CVSS 8.7, AI score 5.9, EPSS 0.00228
Exploits: 0, References: 8
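The JIT-provisioning entries (EUVD-2024-55648 / CVE-2024-1248) and the Capgo entries (CVE-2026-56215 / EUVD-2026-38101 / PT-2026-51045) describe one flaw class: a provisioning step that links or merges accounts on a key the identity provider does not vouch for, either a federated username that collides with a local account or a profile email the user can edit. The following Python sketch is an added example, not code from either product or from any of the listed advisories; it reproduces both failure modes against a constructed in-memory user table and contrasts them with a provisioning routine that links only on the immutable IdP subject, refuses to claim an existing account, and never rewrites a local account's roles. The store, assertion fields, user names and role names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    id: int
    username: str
    email: str                          # self-editable profile field (mutable)
    roles: set = field(default_factory=set)
    sso_subject: Optional[str] = None   # IdP-issued subject; written only when linking


class Store:
    def __init__(self) -> None:         # minimal in-memory user table (constructed)
        self.users: dict = {}
        self._next_id = 1

    def add(self, username, email, roles=(), sso_subject=None) -> User:
        u = User(self._next_id, username, email, set(roles), sso_subject)
        self.users[u.id] = u
        self._next_id += 1
        return u

    def _find(self, pred) -> Optional[User]:
        return next((u for u in self.users.values() if pred(u)), None)

    def by_username(self, name): return self._find(lambda u: u.username == name)
    def by_email(self, email):   return self._find(lambda u: u.email == email)
    def by_subject(self, sub):   return self._find(lambda u: u.sso_subject == sub)


# Pattern A (the JIT-provisioning entries): the federated username is the lookup
# key, and the IdP's roles replace whatever roles the matched account already had.
def jit_provision_vulnerable(store: Store, a: dict) -> User:
    u = store.by_username(a["username"])
    if u is None:
        return store.add(a["username"], a["email"], a["roles"], a["sub"])
    u.roles = set(a["roles"])   # local account's roles silently overwritten
    return u


# Pattern B (the Capgo entries): the mutable profile email is the merge key, so an
# attacker who pre-sets their email to the victim's corporate address gets the
# victim's IdP subject attached to the attacker's own account.
def provision_user_vulnerable(store: Store, a: dict) -> User:
    u = store.by_email(a["email"])
    if u is None:
        return store.add(a["username"], a["email"], a["roles"], a["sub"])
    u.sso_subject = a["sub"]    # victim's SSO login now lands in attacker's account
    return u


class ProvisioningRefused(Exception):
    pass


# Hardened: link only on the immutable IdP subject, never claim an existing
# account by username or email, and never let provisioning rewrite local roles.
def provision_hardened(store: Store, a: dict) -> User:
    linked = store.by_subject(a["sub"])
    if linked is not None:
        return linked
    if store.by_username(a["username"]) or store.by_email(a["email"]):
        raise ProvisioningRefused("existing account; require an explicit verified link step")
    return store.add(a["username"], a["email"], a["roles"], a["sub"])


def _refused(store: Store, a: dict) -> bool:
    try:
        provision_hardened(store, a)
        return False
    except ProvisioningRefused:
        return True


def scenario_a():
    """Local admin 'alice' vs a federated user also named 'alice' (constructed data)."""
    vuln, hard = Store(), Store()
    for s in (vuln, hard):
        s.add("alice", "alice@local.example", {"admin"})
    a = {"sub": "idp|9001", "username": "alice",
         "email": "alice@idp.example", "roles": ["viewer"]}
    v = jit_provision_vulnerable(vuln, a)
    return sorted(v.roles), sorted(hard.by_username("alice").roles), _refused(hard, a)


def scenario_b():
    """Attacker sets their email to the victim's corporate address before the
    victim's first SSO login (constructed data)."""
    vuln, hard = Store(), Store()
    for s in (vuln, hard):
        s.add("mallory", "mallory@evil.example", {"member"}).email = "victim@corp.example"
    a = {"sub": "idp|victim", "username": "victim",
         "email": "victim@corp.example", "roles": ["member"]}
    v = provision_user_vulnerable(vuln, a)
    return v.username, v.sso_subject, _refused(hard, a)
```

In scenario A the vulnerable path leaves the local admin with only the IdP's `viewer` role while the hardened store still holds `admin` and refuses the collision; in scenario B the vulnerable path attaches the victim's subject `idp|victim` to `mallory`, whereas the hardened path refuses because an account already carries that email. The refusal is deliberate: a safe link between a local account and a federated identity needs an explicit, verified step (a logged-in user proving control of both), not a silent merge during provisioning.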

Positive Technologies
added 2026/06/18 12:00 a.m., 15 views

PT-2026-50739

Name of the Vulnerable Software and Affected Versions: ZITADEL versions 4.0.0 through 4.15.1; ZITADEL versions 3.0.0 through 3.4.11
Description: A flaw in user lifecycle enforcement allows deleted users to retain their original organization or tenant association. When a user is deleted, the historic...

CVSS 2.3, AI score 5.9
Exploits: 0, References: 6

EUVD
added 2026/06/17 6:35 p.m., 10 views

EUVD-2025-210216

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 5.6, EPSS 0.00084
Exploits: 0, References: 2

NVD
added 2026/06/17 1:19 p.m., 10 views

CVE-2025-48643

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, EPSS 0.00084
Exploits: 0, References: 1

Cvelist
added 2026/06/17 5:53 a.m., 25 views

CVE-2025-48643

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00084
Exploits: 0, References: 1

CVE
added 2026/06/17 5:53 a.m., 14 views

CVE-2025-48643

CVE-2025-48643 is an Android system-level issue described across multiple sources as a provisioning bypass caused by improper input validation, enabling local privilege escalation with no user interaction. The Android 17 security release notes classify it under System, with type EoP and a High se...

CVSS 7.8, AI score 5.6, EPSS 0.00084
Exploits: 0, References: 1, Affected Software: 1