Lucene search: 2166 matches found

EUVD, added 12 hours ago, 4 views

EUVD-2026-40443

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

CVSS 6.3, AI score 5.8
Exploits: 0, References: 3
Positive Technologies, added yesterday, 4 views

PT-2026-54039

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.8.0. Description: An authentication bypass exists that allows authenticated Single Sign-On (SSO) users to disable SSO enforcement via the API. This allows attackers to create local password credentials to authenticate...

CVSS 6.3, AI score 5.8
Exploits: 0, References: 4
OSV, added 6 days ago, 5 views

GHSA-V2WP-FRMC-5Q3V Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise

Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...

CVSS 9.9, AI score 6.1
Exploits: 0, References: 3
Positive Technologies, added 6 days ago, 11 views

PT-2026-52657

Name of the Vulnerable Software and Affected Versions: Lemur versions prior to 1.9.0. Description: Lemur is a TLS certificate management service that contains a critical authorization break resulting from a chain of three issues. First, the service auto-provisions new SSO identities as active withou...

CVSS 9.9, AI score 5.8
Exploits: 0, References: 9
NVD, added last week, 8 views

CVE-2026-45688

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOneid: ... query...

CVSS 9.1, EPSS 0.00289
Exploits: 0, References: 1
Cvelist, added last week, 18 views

CVE-2026-45688 Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOneid: ... query...

CVSS 9.1, EPSS 0.00289
Exploits: 0, References: 1
ATTACKERKB, added 2026/06/24 11:53 a.m., 6 views

CVE-2026-56270

Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

CVSS 8.7, AI score 5.9, EPSS 0.00383
Exploits: 1, References: 3
CVE, added 2026/06/23 8:19 a.m., 63 views

CVE-2026-11374

CVE-2026-11374 affects ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. The issue allows unauthenticated users to predict SSO tickets used to authenticate sessions, enabling account takeover. The CVSS v3.1 metrics in the provided data indicate a CRITICAL...

CVSS 9, AI score 5.8, EPSS 0.01237
Exploits: 0, References: 1
RedhatCVE, added 2026/06/23 3:36 a.m., 11 views

CVE-2026-12796

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the get_redirect_response_from_openid function within the SSO Authentication Flow component. This manipulation leads to session expiration, potentially causing a denial of service for authenticated users. Mitigati...

CVSS 6.5, AI score 5.6, EPSS 0.00358
Exploits: 1, References: 8
CVE, added 2026/06/21 9:00 a.m., 10 views

CVE-2026-12796

Affected software/impact: BerriAI litellm (up to version 1.82.2), specifically the get_redirect_response_from_openid function in litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow. Root cause / vulnerability detail: The description states that manipulation leads to sessio...

CVSS 6.5, AI score 6.2, EPSS 0.00358
Exploits: 1, References: 5, Affected software: 1
Cvelist, added 2026/06/21 9:00 a.m., 31 views

CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

CVSS 6.5, EPSS 0.00358
Exploits: 1, References: 5
Cvelist, added 2026/06/21 8:30 a.m., 33 views

CVE-2026-12795 BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...

CVSS 7.5, EPSS 0.00508
Exploits: 1, References: 5
CVE, added 2026/06/21 8:30 a.m., 20 views

CVE-2026-12795

CVE-2026-12795 affects BerriAI litellm up to version 1.82.2 in the SSO Debug Flow component. The vulnerability concerns the function json.dumps within litellm/proxy/management_endpoints/ui_sso.py, where manipulation can lead to missing authentication. The issue is exploitable remotely and has had...

CVSS 7.5, AI score 6.7, EPSS 0.00508
Exploits: 1, References: 5, Affected software: 1
EUVD, added 2026/06/21 8:30 a.m., 9 views

EUVD-2026-38154

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...

CVSS 7.5, AI score 6.7, EPSS 0.00508
Exploits: 1, References: 5
Positive Technologies, added 2026/06/21 12:00 a.m., 17 views

PT-2026-51208

Name of the Vulnerable Software and Affected Versions: BerriAI litellm versions prior to 1.82.3. Description: An authentication bypass exists in the SSO Debug Flow component. A remote attacker can manipulate the json.dumps function within the file litellm/proxy/management_endpoints/ui_sso.py, which...

CVSS 7.5, AI score 7.1, EPSS 0.00508
Exploits: 1, References: 13
Positive Technologies, added 2026/06/21 12:00 a.m., 18 views

PT-2026-51210

Name of the Vulnerable Software and Affected Versions: BerriAI litellm versions prior to 1.82.3. Description: An issue exists in the SSO Authentication Flow component within the get_redirect_response_from_openid function of the litellm/proxy/management_endpoints/ui_sso.py file. Remote manipulation o...

CVSS 6.5, AI score 6.6, EPSS 0.00358
Exploits: 1, References: 11
Cvelist, added 2026/06/20 12:14 a.m., 29 views

CVE-2026-56215 Capgo - Account Merge via Poisoned public.users.email in SSO Provisioning

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...

CVSS 8.7, EPSS 0.00228
Exploits: 0, References: 2
CVE, added 2026/06/20 12:14 a.m., 29 views

CVE-2026-56215

Capgo before 12.128.12 is vulnerable: authenticated users can modify their public.users.email, which the SSO provisioning endpoint trusts as an account-merge key, enabling an attacker to merge a victim’s SSO identity into their own account. Affected component: provisioning/SSO merge logic manipul...

CVSS 8.7, AI score 6, EPSS 0.00228
Exploits: 0, References: 2
Cvelist, added 2026/06/17 2:02 p.m., 25 views

CVE-2026-48117 DroneAware's Improper Account Activation in Registration and SSO Flows Leads to Account Takeover

DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed accoun...

CVSS 6.8, EPSS 0.00184
Exploits: 0, References: 1
CVE, added 2026/06/17 2:02 p.m., 23 views

CVE-2026-48117

DroneAware’s CVE-2026-48117 affects the centralized DroneAware server. The issue allowed an attacker to pre-register an account using the victim’s email with an attacker-controlled password before activation; when the legitimate user later activated the account (via email link or Google SSO), the...

CVSS 6.8, AI score 5.4, EPSS 0.00184
Exploits: 0, References: 1