Lucene search
K

1610 matches found

Cvelist
Cvelist
added yesterday13 views

CVE-2026-31982 Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS0.00167EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago4 views

PT-2026-56298

Name of the Vulnerable Software and Affected Versions @better-auth/sso versions 0.1.0 through 1.6.10 @better-auth/sso versions 1.7.0-beta.x Description An SSRF flaw exists in the provider registration flow where OpenID Connect OIDC endpoint URLs are accepted without proper validation. When...

9.6CVSS6AI score0.00025EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 10:8 p.m.14 views

CVE-2026-56350

CVE-2026-56350 affects n8n prior to 2.8.0. The vulnerability is an authentication bypass that allows authenticated SSO users to disable SSO enforcement via the API, enabling creation of local password credentials to authenticate directly and bypass organizational SSO policies and identity-provide...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.6 views

ManageEngine ADAudit Plus < Build 8703 Account Takeover (CVE-2026-11374)

The version of ManageEngine ADAudit Plus installed on the remote host is prior to build 8703. It is, therefore, affected by an account takeover vulnerability: - The SSO tickets generated to authenticate a session could be predicted by an unauthenticated user, leading to account takeover...

9CVSS5.8AI score0.01237EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56270

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS0.00383EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38747

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References2
CVE
CVE
added 2026/06/24 11:53 a.m.20 views

CVE-2026-56270

Flowise (FlowiseAI) before 3.1.0, including 3.0.13 and earlier, exposes a missing authentication vulnerability at /api/v1/loginmethod that allows unauthenticated retrieval of an organization’s complete SSO configuration, including OAuth client secrets in cleartext, by passing an organizationId. T...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.31 views

CVE-2026-56223 Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS0.00244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 8:19 a.m.6 views

CVE-2026-11374 Account Takeover via Predictable SSO Ticket Generation

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

9CVSS5.8AI score0.01237EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:19 a.m.39 views

CVE-2026-11374 Account Takeover via Predictable SSO Ticket Generation

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

9CVSS0.01237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.6 views

PT-2026-51487

Name of the Vulnerable Software and Affected Versions ADSelfService Plus versions prior to 6529 RecoveryManager Plus versions prior to 6321 M365 Manager Plus versions prior to 4817 ADAudit Plus versions prior to 8703 Description In ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and...

9CVSS5.9AI score0.01237EPSS
Exploits0References5
NVD
NVD
added 2026/06/21 9:16 a.m.15 views

CVE-2026-12795

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...

7.5CVSS0.00508EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 9:0 a.m.7 views

EUVD-2026-38155

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/21 9:0 a.m.32 views

CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS0.00358EPSS
Exploits1References5
NVD
NVD
added 2026/06/20 1:16 a.m.13 views

CVE-2026-56215

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...

8.7CVSS0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:0 p.m.30 views

CVE-2026-50083 Aqara hardcoded OAuth client credentials

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS0.00246EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48911

Name of the Vulnerable Software and Affected Versions Aqara IAM/SSO gateway affected versions not specified Description The Aqara IAM/SSO gateway at 'gw-builder.aqara.com' contains a cross-origin resource sharing issue. This is a permissive cross-domain policy with untrusted domains, which allows...

8.2CVSS5.2AI score0.00192EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48910

Name of the Vulnerable Software and Affected Versions Aqara IAM/SSO gateway affected versions not specified Description The IAM/SSO gateway at 'gw-builder.aqara.com' exposes an unauthenticated AES oracle, allowing bidirectional AES round-trips against the platform's signing key. This occurs due t...

10CVSS5.3AI score0.00222EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/11 8:3 p.m.9 views

EUVD-2026-36311

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

9CVSS5.4AI score0.00131EPSS
Exploits0References1
Rows per page
Query Builder