Lucene search
K

289 matches found

OSV
OSV
added last week4 views

CVE-2026-54782 CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS6.1AI score0.00246EPSS
Exploits0References8
Cvelist
Cvelist
added last week32 views

CVE-2026-54781 CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom...

7.4CVSS0.00178EPSS
Exploits0References6
Cvelist
Cvelist
added last week31 views

CVE-2026-54784 CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...

7.4CVSS0.00175EPSS
Exploits0References4
CVE
CVE
added last week21 views

CVE-2026-54774

CoreWCF (CoreWCF.Primitives and related components) is affected by CVE-2026-54774 where SamlSerializer may skip final SignatureValue verification when validating SAML tokens signed with a non-X.509 issuer token. The vulnerability arises when an out-of-band token resolver provides a non-X.509 Secu...

7.4CVSS5.9AI score0.0015EPSS
Exploits0References6
CVE
CVE
added 2026/06/23 3:48 p.m.20 views

CVE-2026-54304

Summary: CVE-2026-54304 affects n8n where the SecurityScorecard node could exfiltrate the API token to a user-controlled URL if an attacker-controlled report download target is configured. Affected versions: n8n prior to 1.123.55, 2.25.7, and 2.26.1. Root cause: Authenticated user with workflow p...

7.7CVSS5.8AI score0.00353EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/19 8:47 p.m.7 views

Unprotected Transport of Credentials

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Unprotected Transport of Credentials through the...

9.1CVSS5.9AI score0.00175EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.8 views

CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. Preconditions Relying-party service is hosted with WSFederationHttpBinding or...

10CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/19 8:47 p.m.5 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature vi...

10CVSS5.9AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51079

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML 1.1 and SAML 2.0 token validation fails to correctly resolve the issuer signing key or enforce signed tokens when IdentityConfiguration is used with federated...

10CVSS6AI score0.00246EPSS
Exploits0References15
Patchstack
Patchstack
added 2026/06/16 11:34 p.m.7 views

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

7.7CVSS5.8AI score0.00353EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.13 views

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS5.4AI score0.00448EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 6:20 p.m.6 views

Improper Restriction of Security Token Assignment

Overview Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment due to the failure to invalidate previously issued administrative tokens after an administrator account is suspended, deleted, or deactivated. An attacker can maintain unauthorized acces...

8.6CVSS5.3AI score0.00448EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/04 12:4 p.m.11 views

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.8AI score0.00328EPSS
Exploits0References3
Redos
Redos
added 2026/05/27 12:0 a.m.23 views

ROS-20260527-73-0005

Vulnerability in openbao related to security token assignment restriction errors. Exploitation of the vulnerability could allow an attacker to escalate their privileges...

2.7CVSS5.8AI score0.00301EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.22 views

PT-2026-41462

Name of the Vulnerable Software and Affected Versions TextPattern CMS version 4.9.0-dev Description Authenticated attackers can achieve remote code execution by exploiting the plugin upload functionality. The process involves authenticating, retrieving a CSRF token from the plugin event page, and...

8.8CVSS6.5AI score0.00315EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/12 4:58 p.m.43 views

CVE-2026-40379 Azure Entra ID Spoofing Vulnerability

...

9.3CVSS0.0091EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 4:58 p.m.45 views

CVE-2026-40379

CVE-2026-40379 is a Microsoft ESTS (Enterprise Security Token Service) spoofing vulnerability impacting Azure services. The connected sources confirm exposure of sensitive information to an unauthorized actor in Azure Entra ID and describe exploitation as network-based spoofing. The CVSS 3.1 scor...

9.3CVSS5.8AI score0.0091EPSS
Exploits0References1Affected Software1
Kaspersky
Kaspersky
added 2026/05/07 12:0 a.m.19 views

KLA91030 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azur...

10CVSS6.8AI score0.01164EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/05/06 4:59 p.m.13 views

Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

Summary An unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality in...

9.8CVSS5.9AI score0.00346EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/04/21 2:7 a.m.5 views

Improper Restriction of Security Token Assignment

Overview Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the token store process. An attacker can cause unauthorized renewal or revocation of tokens across namespaces by obtaining token accessors and leveraging privileged administrator...

2.7CVSS5.4AI score0.00301EPSS
Exploits0References2
Rows per page
Query Builder