
35 matches found

Cvelist
added 2026/05/20 4:13 p.m. · 35 views

CVE-2026-9087 Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

CVSS 6.4 · EPSS 0.00026
Exploits 0 · References 2
Vulnrichment
added 2026/05/20 4:13 p.m. · 4 views

CVE-2026-9087 Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

CVSS 6.4 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 2
ATTACKERKB
added 2026/05/20 4:13 p.m. · 4 views

CVE-2026-9087

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

CVSS 6.4 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 3
CVE
added 2026/05/20 4:13 p.m. · 9 views

CVE-2026-9087

CVE-2026-9087: In Keycloak, the cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity actually verified, allowing a second upstream account on the same IdP to be linked to the victim's local account. Affected component: Keycloak auth...

CVSS 8.1 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2026/05/20 4:13 p.m. · 6 views

EUVD-2026-31134

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

CVSS 6.4 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 2
RedhatCVE
added 2026/05/20 4:12 p.m. · 4 views

CVE-2026-9087

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account. Mitigation To...

CVSS 8.1 · AI score 5.7 · EPSS 0.00026
Exploits 0 · References 3
CNNVD
added 2026/05/20 12:00 a.m. · 6 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from cross-session verification proofs, which rely solely on local user IDs and IdP aliases without binding actual verified upstream identities. This...

CVSS 6.4 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 2
CNNVD
added 2026/05/12 12:00 a.m. · 5 views

Devolutions Server security vulnerability

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. There is a security vulnerability in Devolutions Server, which stems from improper access control in the notification...

CVSS 4.3 · AI score 5.8 · EPSS 0.00028
Exploits 0 · References 2
OSV
added 2026/04/16 11:36 p.m. · 1 view

BIT-AUTHENTIK-2025-52553 authentik has Insufficient Session verification for Remote Access Control endpoint access

authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, howev...

CVSS 9.6 · AI score 5.6 · EPSS 0.00335
Exploits 0 · References 5
CNNVD
added 2026/03/16 12:00 a.m. · 3 views

PX4-Autopilot security vulnerability

PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions prior to PX4-Autopilot 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities stemmed from logical errors in the FTP session verification of PX4 Autopilot MAVLink. As a result, unverified attackers cou...

CVSS 6.5 · AI score 5.8 · EPSS 0.00104
Exploits 1 · References 1
Cvelist
added 2026/03/13 7:44 p.m. · 21 views

CVE-2026-31944 LibreChat MCP OAuth callback does not validate browser session — allows token theft via redirect link

LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redire...

CVSS 7.6 · EPSS 0.0004
Exploits 1 · References 1
Vulnrichment
added 2026/03/13 7:44 p.m. · 1 view

CVE-2026-31944 LibreChat MCP OAuth callback does not validate browser session — allows token theft via redirect link

LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redire...

CVSS 7.6 · AI score 5.8 · EPSS 0.0004
Exploits 1 · References 1
OSV
added 2026/03/10 8:40 a.m. · 0 views

BIT-GHOST-2026-29784 Ghost: Incomplete CSRF protections around OTC use

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...

CVSS 8.8 · AI score 5.7 · EPSS 0.00025
Exploits 0 · References 3
CVE
added 2026/03/07 3:30 p.m. · 6 views

CVE-2026-29784

Ghost (Node.js CMS) is affected between v5.101.6 and v6.19.2. The vulnerability is due to incomplete CSRF protections around /session/verify, allowing OTCs to be used in login sessions other than the requesting session. This could enable phishing attackers to take over a Ghost site in certain sce...

CVSS 8.8 · AI score 5.7 · EPSS 0.00025
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2026/03/05 12:42 a.m. · 6 views

Ghost has incomplete CSRF protections around OTC use

Impact Incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. Vulnerable versions This vulnerability is present in Ghost from...

CVSS 8.8 · AI score 5.9 · EPSS 0.00025
Exploits 0 · References 4 · Affected Software 1
OSV
added 2026/03/05 12:42 a.m. · 4 views

GHSA-9M84-WC28-W895 Ghost has incomplete CSRF protections around OTC use

Impact Incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. Vulnerable versions This vulnerability is present in Ghost from...

CVSS 7.5 · AI score 5.9 · EPSS 0.00025
Exploits 0 · References 4
CNNVD
added 2026/02/11 12:00 a.m. · 3 views

ZBT WE2001 security vulnerability

ZBT WE2001 is a wireless router produced by ZBT Technology Co., Ltd. Version 23.09.27 of ZBT WE2001 contains a security vulnerability. This vulnerability stems from a lack of session verification in the Web API component, which may allow unauthenticated remote attackers to obtain device...

CVSS 6.5 · AI score 5.8 · EPSS 0.00034
Exploits 0 · References 2
RedhatCVE
added 2025/10/25 8:31 p.m. · 2 views

CVE-2025-62717

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

CVSS 9.1 · AI score 7 · EPSS 0.0007
Exploits 0 · References 1
NVD
added 2025/10/24 9:16 p.m. · 2 views

CVE-2025-62717

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

CVSS 9.1 · EPSS 0.0007
Exploits 0 · References 2
EUVD
added 2025/10/24 8:13 p.m. · 2 views

EUVD-2025-35889

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

CVSS 6.9 · AI score 6.5 · EPSS 0.0007
Exploits 0 · References 2