Lucene search
+L

2210 matches found

nvd
nvd
added 17 hours ago6 views

CVE-2026-15013

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS
Exploits0References7
euvd
euvd
added yesterday4 views

EUVD-2026-44740

Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new SSO provider to that organization because registerSSOProvider checks only for a membership row a...

7.1CVSS6.1AI score0.00028EPSS
Exploits0References4
cve
cve
added yesterday5 views

CVE-2026-53515

CVE-2026-53515 : The Better Auth library, specifically the @better-auth/sso plugin, contains a privilege escalation in versions 1.2.10 through 1.6.11. The POST /sso/register endpoint incorrectly allows any organization member to attach a new SSO provider because registerSSOProvider checks only fo...

7.1CVSS6.1AI score0.00028EPSS
Exploits0References4
euvd
euvd
added yesterday4 views

EUVD-2026-44733

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00025EPSS
Exploits0References4
attackerkb
attackerkb
added yesterday4 views

CVE-2026-53513

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00025EPSS
Exploits0References5Affected Software2
redhatcve
redhatcve
added yesterday4 views

CVE-2026-47158

A flaw was found in Vaultwarden, a Bitwarden-compatible server. An unauthenticated attacker could exploit a vulnerability in the Single Sign-On SSO authorization flow. This flaw, caused by improper binding of the OAuth state parameter to the browser session and inadequate cleanup of SSO...

8.3CVSS6AI score0.00031EPSS
Exploits0References2
cvelist
cvelist
added yesterday34 views

CVE-2026-47164 Vaultwarden: SSO Email Auto-Link Can Bind an Existing Local Account to an Attacker-Controlled IdP Identity

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP emailverified claim only for new-user creation and not when SSOSIGNUPSMATCHEMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled Id...

7.7CVSS0.00053EPSS
Exploits0References4
cve
cve
added yesterday14 views

CVE-2026-47164

Vaultwarden (Rust) prior to 1.36.0 has an authentication flaw in its SSO flow: when SSO_SIGNUPS_MATCH_EMAIL=true, an IdP identity can bind to an existing local Vaultwarden account by asserting a victim email, due to checking the IdP email_verified claim only during new-user creation. This could a...

7.7CVSS6.1AI score0.00053EPSS
Exploits0References4
cvelist
cvelist
added yesterday38 views

CVE-2026-47159 Vaultwarden: Authentication Flow Information Disclosure in SSO Discovery Allows Organization Enumeration and Pre-Validation Token Exposure

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIdentifier values for arbitrary email addresses and allowed a valid pre-validation JWT to be obtained...

6.9CVSS0.00046EPSS
Exploits0References4
cve
cve
added yesterday10 views

CVE-2026-47159

Vaultwarden (Rust) prior to 1.36.0 is affected by CVE-2026-47159, where the SSO discovery and pre-validation flow exposed organization-related SSO metadata, including organizationIdentifier values for arbitrary email addresses, and allowed obtaining a valid pre-validation JWT with only the discov...

6.9CVSS6.2AI score0.00046EPSS
Exploits0References4
euvd
euvd
added yesterday8 views

EUVD-2026-44693

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS6.1AI score0.00031EPSS
Exploits0References4
ptsecurity
ptsecurity
added yesterday7 views

PT-2026-60204

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.36.0 Description The SSO login flow fails to verify the email verified claim from the Identity Provider IdP when the SSO SIGNUPS MATCH EMAIL variable is set to true during the linking of an IdP identity to an...

7.7CVSS6.1AI score0.00053EPSS
Exploits0References8
nvd
nvd
added 4 days ago9 views

CVE-2026-56336

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS0.00205EPSS
Exploits0References2
cve
cve
added 4 days ago16 views

CVE-2026-56313

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References2
cvelist
cvelist
added 4 days ago39 views

CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS0.00276EPSS
Exploits0References2
osv
osv
added 4 days ago4 views

CVE-2026-56336 Capgo - Information Disclosure via Unauthenticated SSO check-domain Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS6.1AI score0.00205EPSS
Exploits0References4
osv
osv
added 4 days ago3 views

CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

7.2CVSS6.1AI score0.00276EPSS
Exploits0References4
euvd
euvd
added 6 days ago9 views

EUVD-2026-43028

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago30 views

CVE-2026-57807 WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS0.00429EPSS
Exploits0References1
cve
cve
added 6 days ago27 views

CVE-2026-57807

The CVE-2026-57807 entry concerns miniOrange OAuth Single Sign On - SSO (OAuth Client) for WordPress, affected through version 38.5.8. The vulnerability is an Authentication Bypass via an alternate path or channel (broken authentication), enabling Password Recovery Exploitation. No exploitation d...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
Rows per page
Query Builder