Lucene search
K

24 matches found

NVD
NVD
added 4 hours ago8 views

CVE-2026-59151

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...

9.6CVSS
Exploits0References5
CVE
CVE
added 5 hours ago6 views

CVE-2026-59151

Prowler (cloud security platform) had a SAML authentication flow flaw prior to version 5.30.3 where the tenant was determined by the asserted email domain in the SAMLResponse rather than the validated SAML configuration. The ACS finish logic recalculated the tenant from user.email, enabling an au...

9.6CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-42968

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...

9.6CVSS6.1AI score
Exploits0References5
CVE
CVE
added 2026/06/23 6:11 p.m.18 views

CVE-2026-54320

CVE-2026-54320 refers to Daytona’s cross-tenant takeover vulnerability prior to version 0.184.0. The issue allowed an unverified email that matched an invitation’s target to accept it (or decline) and join the target organization, since invitation acceptance/declination did not require email veri...

8.4CVSS6.2AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:45 p.m.22 views

CVE-2026-54305

CVE-2026-54305 affects n8n Enterprise instances using the Dynamic Credentials EE Endpoints. Prior to versions 1.123.55, 2.25.7, and 2.26.2, three Dynamic Credentials endpoints accepted any authenticated session without per-resource ownership or scope checks on the target workflow or credential. A...

9.9CVSS6AI score0.00343EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 11:32 p.m.13 views

n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

Impact Three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could...

9.9CVSS5.6AI score0.00343EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.12 views

CVE-2026-46511

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

8.7CVSS5.5AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 7:16 p.m.12 views

CVE-2026-46511

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

8.7CVSS0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 6:32 p.m.37 views

CVE-2026-46511 HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

8.7CVSS0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:32 p.m.7 views

CVE-2026-46511

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

8.7CVSS5.4AI score0.00275EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/06/05 6:32 p.m.11 views

EUVD-2026-34890

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

8.7CVSS5.4AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 6:32 p.m.29 views

CVE-2026-46511

CVE-2026-46511 affects HAX CMS prior to 26.0.0. A Stored XSS chain exposes active session tokens (jwt, user_token, site_token, appstore_token) via the /system/api/connectionSettings endpoint, which writes tokens into a global JavaScript object (window.appSettings). An authenticated attacker can c...

8.7CVSS5.4AI score0.00275EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 2:47 p.m.10 views

GHSA-X3X5-7H4H-GWXG HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

Summary An attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens including the jwt...

8.7CVSS5.9AI score0.00275EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/19 2:47 p.m.15 views

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

Summary An attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens including the jwt...

8.7CVSS5.9AI score0.00275EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-41979

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An attack chain combining Stored XSS and dynamic token exposure allows an authenticated attacker to perform a complete cross-tenant account takeover. The system is vulnerable to Stored XSS through...

8.7CVSS5.5AI score0.00275EPSS
Exploits0References5
HackRead
HackRead
added 2026/04/26 7:21 p.m.10 views

Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation

Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft...

5.3AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.5 views

SUSE CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

8.8CVSS5.8AI score0.00328EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.5 views

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 5:15 p.m.6 views

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

8.8CVSS0.00328EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/07 4:31 p.m.2 views

CVE-2026-30855 WeKnora: Broken Access Control in Tenant Management

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References1
Rows per page
Query Builder