15 matches found
DEBIAN-CVE-2026-11785
A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users...
CVE-2026-11785
The CVE-2026-11785 entry concerns 389 Directory Server (389-ds-base) with a type confusion in the SSO token extended operation handler. This flaw allows a partial leak of stack address information via LDAP responses to authenticated users, arising from ber_printf type confusion in the SSO token h...
CVE-2026-11785
A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users...
Linux Distros Unpatched Vulnerability : CVE-2026-11785
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed ...
CVE-2025-14386
The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...
CVE-2025-14386
The CVE-2025-14386 entry concerns the WordPress plugin “Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization” (versions 2.4.4–2.5.12). Connected sources confirm a missing capability check in generate_sso_url and validate_sso_token, enabling authentication...
PT-2025-46874
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions prior to 2.32.0. Description: The Mattermost Mobile Apps do not properly validate Single Sign-On (SSO) redirect tokens to ensure they come from a trusted server. This allows a malicious Mattermost instance or an...
EUVD-2013-6541
Malware in sbrugna...
KUNBUS PiCtory security vulnerability
KUNBUS PiCtory is a graphical software tool from KUNBUS Corporation for configuring and managing the KUNBUS Revolution Pi industrial computer. A security vulnerability exists in KUNBUS PiCtory version 2.11.1 and earlier, which stems from an unescaped ssotoken and could lead to a cross-site...
PT-2025-18697 · Kunbus · Kunbus Pictory
Name of the Vulnerable Software and Affected Versions: KUNBUS PiCtory versions 2.11.1 and earlier. Description: The issue allows cross-site scripting attacks via the SSO token used for authentication. If an attacker provides a user with a KUNBUS PiCtory URL containing an HTML script as an sso...
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary: By combining two vulnerabilities, an Open Redirect and a session token sent as a URL query parameter, in the Strapi framework, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd-party tokens. The attack requires user interaction (one click). Impact...
CVE-2022-43654
NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists with...
Security feature bypass
IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855...
CVE-2013-6739
IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855...
Cisco Unified Communications Manager 'CTIManager' Remote Command Execution (CSCum95491)
According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device has a flaw in the 'CTIManager' module that allows a remote, authenticated attacker to execute arbitrary commands with elevated privileges by using a specially crafted SSO token...