
47 matches found

Veracode
added 2026/05/15 9:49 a.m. (6 views)

Improper Authentication

github.com/openbao/openbao is vulnerable to improper authentication. The vulnerability is due to missing user confirmation during JWT/OIDC authentication when using callbackmode=direct, which allows an attacker to initiate a malicious authentication request and trick a victim into automatically...

CVSS 9.6 | AI score 6.4 | EPSS 0.0004
Exploits 0 | References 3 | Affected Software 1

RedhatCVE
added 2026/04/02 11:01 p.m. (1 view)

CVE-2026-2475

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an...

CVSS 4.7 | AI score 6 | EPSS 0.00037
Exploits 0 | References 1

NVD
added 2026/04/01 9:16 p.m. (2 views)

CVE-2026-2475

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an...

CVSS 4.7 | EPSS 0.00037
Exploits 0 | References 1

Vulnrichment
added 2026/04/01 8:56 p.m. (1 view)

CVE-2026-2475 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an...

CVSS 3.1 | AI score 6 | EPSS 0.00037
Exploits 0 | References 1

RedhatCVE
added 2026/03/27 5:00 p.m. (1 view)

CVE-2026-33757

A flaw was found in OpenBao. A missing prompt for user confirmation when logging in via the JWT/OIDC authentication method with a role configured to use callbackmode=direct allows an attacker to initiate an authentication request and perform a "remote phishing" attack by tricking an authenticated...

CVSS 9.6 | AI score 5.9 | EPSS 0.0004
Exploits 0 | References 6

NVD
added 2026/03/27 3:16 p.m. (0 views)

CVE-2026-33757

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...

CVSS 9.6 | EPSS 0.0004
Exploits 0 | References 3

CVE
added 2026/03/27 2:10 p.m. (10 views)

CVE-2026-33757

OpenBao (before 2.5.2) is vulnerable to a login flow issue when using JWT/OIDC with a role whose callback_mode is direct: no user confirmation is prompted, enabling remote phishing by auto-logging in to the attacker’s session. Version 2.5.2 adds a confirmation screen for direct logins to require ...

CVSS 9.6 | AI score 5.9 | EPSS 0.0004
Exploits 0 | References 3 | Affected Software 1

EUVD
added 2026/03/27 2:10 p.m. (0 views)

EUVD-2026-16624

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...

CVSS 9.6 | AI score 5.9 | EPSS 0.0004
Exploits 0 | References 3

OSV
added 2026/03/27 2:10 p.m. (1 view)

CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...

CVSS 9.6 | AI score 6.4 | EPSS 0.0004
Exploits 0 | References 5

Cvelist
added 2026/03/27 2:10 p.m. (24 views)

CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...

CVSS 9.6 | EPSS 0.0004
Exploits 0 | References 3

ATTACKERKB
added 2026/03/27 2:10 p.m. (3 views)

CVE-2026-33757

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...

CVSS 9.6 | AI score 5.9 | EPSS 0.0004
Exploits 0 | References 4 | Affected Software 1

OSV
added 2026/03/26 6:32 p.m. (3 views)

GHSA-7Q7G-X6VG-XPC3 OpenBao lacks user confirmation for OIDC direct callback mode

Impact: OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log in to the session of the...

CVSS 9.6 | AI score 5.9 | EPSS 0.0004
Exploits 0 | References 5

Github Security Blog
added 2026/03/26 6:32 p.m. (3 views)

OpenBao lacks user confirmation for OIDC direct callback mode

Impact: OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log in to the session of the...

CVSS 9.6 | AI score 5.9 | EPSS 0.0004
Exploits 0 | References 5 | Affected Software 1

CVE
added 2026/02/17 7:48 p.m. (8 views)

CVE-2025-27900

CVE-2025-27900 is tied to IBM Db2 Recovery Expert for Linux, UNIX and Windows. The connected IBM security bulletin describes a remote open-redirect vulnerability in Db2 Recovery Expert, enabling an attacker to craft a URL that could spoof the user’s experience and facilitate further attacks (e.g....

CVSS 6.8 | AI score 5.5 | EPSS 0.00039
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/02/17 7:48 p.m. (22 views)

CVE-2025-27900 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...

CVSS 6.8 | EPSS 0.00039
Exploits 0 | References 1

Positive Technologies
added 2026/02/17 12:00 a.m. (4 views)

PT-2026-20233

Name of the Vulnerable Software and Affected Versions: IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002. Description: The software contains a flaw that could enable a remote attacker to carry out phishing attacks through an open redirect. A crafted website can be used to exploit this issu...

CVSS 6.8 | AI score 5.8 | EPSS 0.00039
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. (0 views)

EUVD-2016-2491

Malware in sbrugna...

CVSS 7.4 | AI score 7.5 | EPSS 0.00224
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. (1 view)

EUVD-2014-4703

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.003
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2016-0263

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00103
Exploits 0 | References 3

RedhatCVE
added 2025/05/22 2:48 a.m. (1 view)

CVE-2010-2280

Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH...

CVSS 4.3 | AI score 6.7 | EPSS 0.00246
Exploits 0 | References 1