CVE-2026-50083 Aqara hardcoded OAuth client credentials

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

PT-2026-48910

Name of the Vulnerable Software and Affected Versions Aqara IAM/SSO gateway affected versions not specified Description The IAM/SSO gateway at 'gw-builder.aqara.com' exposes an unauthenticated AES oracle, allowing bidirectional AES round-trips against the platform's signing key. This occurs due t...

PT-2026-48911

Name of the Vulnerable Software and Affected Versions Aqara IAM/SSO gateway affected versions not specified Description The Aqara IAM/SSO gateway at 'gw-builder.aqara.com' contains a cross-origin resource sharing issue. This is a permissive cross-domain policy with untrusted domains, which allows...

EUVD-2026-36311

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

EUVD-2026-36029

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

CVE-2026-53473

The CVE affects the migration-planner-ui-app and describes a cross-site scripting (XSS) flaw in which an attacker can register a malicious discovery agent using a crafted credentialUrl containing JavaScript. When an organizational user clicks the link in the UI, the embedded code executes in the ...

CVE-2026-53473

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

DEBIAN-CVE-2026-11785

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users...

CVE-2026-11785

The CVE-2026-11785 entry concerns 389 Directory Server (389-ds-base) with a type confusion in the SSO token extended operation handler. This flaw allows a partial leak of stack address information via LDAP responses to authenticated users, arising from ber_printf type confusion in the SSO token h...

CVE-2026-11785

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users...

Linux Distros Unpatched Vulnerability : CVE-2026-11785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed ...

CVE-2026-24069

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise KOP was affected before 2.8.2509.4...

CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

CVE-2026-9330

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

@altipla/directus-sdk-utils (=0.7.2), @better-auth/infra (>=0.1.7 <=0.1.8) +39 more potentially affected by CVE-2026-46490 via samlify (>=2.10.0 <=2.12.0)

samlify NPM version =2.10.0, =0.1.7, =1.6.0, =2.10.4, =1.0.0, =1.0.0, =11.16.1-depup.0, =27.1.0, =0.73.0, =0.0.0-chat-to-edit-20251124233201, =0.0.0-chat-to-edit-20251124233201, =0.75.0 and more Source cves: CVE-2026-46490 Source advisory: SNYK:JS-SAMLIFY-16796318...

CVE-2026-22880

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

CVE-2026-22880

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

EUVD-2026-30553

Trubo: Login callback CSRF/session fixation...