24 matches found
CVE-2026-59151
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...
CVE-2026-59151
Prowler (cloud security platform) had a SAML authentication flow flaw prior to version 5.30.3 where the tenant was determined by the asserted email domain in the SAMLResponse rather than the validated SAML configuration. The ACS finish logic recalculated the tenant from user.email, enabling an au...
EUVD-2026-42968
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...
CVE-2026-54320
CVE-2026-54320 refers to Daytona’s cross-tenant takeover vulnerability prior to version 0.184.0. The issue allowed an unverified email that matched an invitation’s target to accept it (or decline) and join the target organization, since invitation acceptance/declination did not require email veri...
CVE-2026-54305
CVE-2026-54305 affects n8n Enterprise instances using the Dynamic Credentials EE Endpoints. Prior to versions 1.123.55, 2.25.7, and 2.26.2, three Dynamic Credentials endpoints accepted any authenticated session without per-resource ownership or scope checks on the target workflow or credential. A...
n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
Impact Three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could...
CVE-2026-46511
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...
CVE-2026-46511
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...
CVE-2026-46511 HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...
CVE-2026-46511
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...
EUVD-2026-34890
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...
CVE-2026-46511
CVE-2026-46511 affects HAX CMS prior to 26.0.0. A Stored XSS chain exposes active session tokens (jwt, user_token, site_token, appstore_token) via the /system/api/connectionSettings endpoint, which writes tokens into a global JavaScript object (window.appSettings). An authenticated attacker can c...
GHSA-X3X5-7H4H-GWXG HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack
Summary An attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens including the jwt...
HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack
Summary An attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens including the jwt...
PT-2026-41979
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An attack chain combining Stored XSS and dynamic token exposure allows an authenticated attacker to perform a complete cross-tenant account takeover. The system is vulnerable to Stored XSS through...
Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft...
SUSE CVE-2026-30855
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...
CVE-2026-30855
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...
CVE-2026-30855
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...
CVE-2026-30855 WeKnora: Broken Access Control in Tenant Management
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...