4808 matches found
CVE-2026-47386
CVE-2026-47386 affects NocoDB’s OAuth token-exchange flow. Before 2026.05.1, two concurrent token-exchange requests could use the same OAuth authorization code to mint two valid token pairs, breaking PKCE’s single-use guarantee. The issue is mitigated by a fix in 2026.05.1, which introduces atomi...
CVE-2025-15619
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...
CVE-2026-11374
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...
CVE-2026-11374
CVE-2026-11374 affects ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. The issue allows unauthenticated users to predict SSO tickets used to authenticate sessions, enabling account takeover. The CVSS v3.1 metrics in the provided data indicate a CRITICAL...
CVE-2026-12796
A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the getredirectresponsefromopenid function within the SSO Authentication Flow component. This manipulation leads to session expiration, potentially causing a denial of service for authenticated users. Mitigati...
CVE-2026-56425
The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...
EUVD-2026-38228
The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...
CVE-2026-56229 Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...
CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration
A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...
CVE-2026-12796
Affected software/impact: BerriAI litellm (up to version 1.82.2), specifically the get_redirect_response_from_openid function in litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow. Root cause / vulnerability detail: The description states that manipulation leads to sessio...
CVE-2026-12795 BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication
A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...
CVE-2026-12795
CVE-2026-12795 affects BerriAI litellm up to version 1.82.2 in the SSO Debug Flow component. The vulnerability concerns the function json.dumps within litellm/proxy/management_endpoints/ui_sso.py, where manipulation can lead to missing authentication. The issue is exploitable remotely and has had...
EUVD-2026-38154
A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...
CVE-2026-56215
Capgo before 12.128.12 is vulnerable: authenticated users can modify their public.users.email, which the SSO provisioning endpoint trusts as an account-merge key, enabling an attacker to merge a victim’s SSO identity into their own account. Affected component: provisioning/SSO merge logic manipul...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau/debugfs: fixed the memory leak when releasing files. When using singleopen to open a file, singlerelease should be called. Otherwise, the memory allocated with singleopen may be leaked...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: nl80211 – Set special AP channel widths to disallowed. Setting the AP channel width is intended for use with the standard 20/40/… MHz channel width progression. Switching between narrow channels in S1G mode is not supported...
Astra Linux – Vulnerability in Firefox and Thunderbird
Due to incorrect JIT optimization, we misinterpreted data from the wrong type of object, resulting in the potential leakage of a single bit of memory. This vulnerability affects Firefox 91 and Thunderbird 91...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/slub: Avoid zeroing the freepointer when dealing with single free objects. The commit 284f17ac13fe “mm/slub: Handle bulk and single object freeing separately” divides the handling of single and bulk object freeing into two...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/pt: Fixed a crash that occurred with stop filters in single-range mode. A check for !buf-single was added before calling ptbufferregionsize in places where a missing check could cause a kernel crash. This fix...
CVE-2026-54386
marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...