Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/21 8:43 p.m.13 views

@hulumi/policies: HULUMI-H1 SecureBucket parent spoof bypass

Impact: @hulumi/policies versions before 1.3.2 could accept spoofed SecureBucket parent evidence for HULUMI-H1, allowing policy evaluation to miss an unsafe bucket shape. Patched in 1.3.2: the validator now correlates evidence to the expected component/resource relationship and includes regressio...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:43 p.m.17 views

@hulumi/drift: Orphan reconciler accepted externally supplied execute plans

Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation input to be treated as trusted. Patched in 1.3.2: execute-plan handling now validates provenance and rejects untrusted plans, with...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:43 p.m.16 views

@hulumi/baseline: CloudTrail selector tampering events were not fully detected

Impact: @hulumi/baseline versions before 1.3.2 could miss some CloudTrail event-selector tampering evidence, reducing coverage for changes to audit logging configuration. Patched in 1.3.2: detection coverage and regression tests were expanded. Remediation: upgrade @hulumi/baseline to 1.3.2 or lat...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:43 p.m.20 views

Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...

4.6CVSS5.7AI score0.00136EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:42 p.m.16 views

FlaskBB: SSRF in get_image_info() via unrestricted avatar URL

Summary A Server-Side Request Forgery SSRF vulnerability in getimageinfo allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services e.g., AWS 169.254.169.254. This is a blind SSRF with confirmed internal port scanning...

5.9AI score0.00032EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:39 p.m.15 views

NocoDB: Stale Auth Cache After API Token Deletion

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

2.3CVSS5.7AI score0.00197EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:38 p.m.22 views

NocoDB: Attachment Size Limit Bypass via Upload-by-URL

Summary The upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. Details The attachments service now checks...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:35 p.m.12 views

NocoDB: Shared-base link access can invite arbitrary users as persistent base members

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

5.8CVSS5.9AI score0.00296EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:35 p.m.41 views

NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

Summary The uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to download arbitrarily large files, exhausting disk space and causing denial of...

6.5CVSS5.9AI score0.00235EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:35 p.m.13 views

NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags

Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...

5.4CVSS5.7AI score0.00099EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:34 p.m.20 views

NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation

Summary The OAuth token strategy attached oauthscope and oauthgrantedresources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited the full permissions of the underlying user across all routes; the...

2CVSS5.8AI score0.00151EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:34 p.m.12 views

NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)

Summary The request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather than the axios config. An authenticated user with hook-creation permissio...

4.3CVSS5.9AI score0.00176EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:34 p.m.13 views

NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

Summary A reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI injection. Details PageLeavingWarning.vue reads ncRedirectUrl and ncBackUr...

6.1CVSS6AI score0.00156EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:33 p.m.16 views

MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

Summary mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer tools/list but not ...

8.8CVSS6AI score0.00376EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:28 p.m.11 views

SpiceDB: Caveat structures with nested lists can result in improper cache reuse

Impact Users are impacted if: - They have a caveat structure with a nested list, e.g.: zed caveat shapex list x == "a", "b" - Their system exercises that caveat with either CheckBulkPermission or else LookupResources running with the --experimental-lookup-resources-version flag set to lr3, implyi...

2.3CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:24 p.m.13 views

Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Impact - Key: challenger/src/multifieldchallenger.rs | MultiField32Challenger::duplexing | transcriptmalleability - Affected files: challenger/src/multifieldchallenger.rs, field/src/helpers.rs - Violated invariant: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed fiel...

8.9CVSS5.8AI score0.00108EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:22 p.m.12 views

Snappy: Binary path is never shell-escaped due to an inverted is_executable check

Impact On POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file whose actual name contains those quote characters, which essentially never exists. The safe branch is dead code and...

7.5CVSS6AI score0.00152EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:20 p.m.12 views

Snappy : SSRF and local file read via the xsl-style-sheet option

Impact It impacts applications where: - the PHP daemon run with root permissions ; - the application is either running outside a container or has sensitive file access ; It could happens with this kind of workflows: php $stylesheet = $GET'stylesheet'; // = ‘file:///etc/passwd’ $pdf = new...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:17 p.m.12 views

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

6.9CVSS6.2AI score0.00364EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:16 p.m.31 views

Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read

Summary Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps it needs that to load function code, env vars, and config. The runtime pod's automounted token was reachable from...

8.7CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:14 p.m.14 views

Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger

Summary The Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers svc/router, port 8888, so...

9.8CVSS5.9AI score0.00353EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:7 p.m.16 views

Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives

Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...

8.8CVSS6AI score0.00344EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 7:58 p.m.14 views

Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

Impact Some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. Patches The issue is resolved in versions...

6.1CVSS5.7AI score0.0018EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 7:54 p.m.14 views

pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls API

Summary The SSRF mitigation added in commit 33c55da for GHSA-7gvf-3w72-p2pg is incomplete. The PREREQFUNCTION-based private IP check was correctly applied to HTTPChunk download path but not to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an...

5CVSS5.8AI score0.00176EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 7:50 p.m.14 views

nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item

Impact A remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::putchunk allows any state-sync peer to crash any node performing state synchronization freshly joining nodes and recovering nodes. A malicious peer can respond to a RequestChunk with a ResponseChunk::Chunk whose...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 7:46 p.m.14 views

nimiq-blockchain: Genesis batch set request

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates backwards through macro blocks using Policy::macroblockbefore. When it reaches the genesis block number, macroblockbefore panics...

5.3CVSS5.8AI score0.00291EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 7:45 p.m.20 views

nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 7:38 p.m.11 views

nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Impact A logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

5.9CVSS5.8AI score0.0015EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 7:33 p.m.13 views

lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

📋 Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "getmodelarch and related helpers hardcode trustremotecode=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this repor...

7.8CVSS6.5AI score0.00148EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 7:28 p.m.13 views

Crawlee for Python: SSRF via sitemap-derived URLs

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...

2.3CVSS6.4AI score0.00286EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 6:33 p.m.7 views

Apache Fory PyFory Deserialization of Untrusted Data

Fory PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory Python-native mode with strict mode disabled and relies o...

9.8CVSS5.7AI score0.00574EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 5:59 p.m.13 views

@sveltejs/kit: `query.batch` cross-talk

query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 5:57 p.m.16 views

md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

Summary A cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution ...

7.2CVSS6AI score0.00213EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 5:56 p.m.15 views

Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler

Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the Triton inference handler deserializes model artifacts without performing integrity verification, allowing...

7.2CVSS6.5AI score0.0039EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 5:42 p.m.14 views

Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 5:30 p.m.16 views

LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

Summary lmdeploy hardcodes trustremotecode=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trustremotecode=True into HuggingFace Transformers APIs such as AutoConfig.frompretrained,...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 5:14 p.m.11 views

samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...

8.8CVSS5.9AI score0.00383EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 5:11 p.m.10 views

androidqf: APK download Path Traversal in device APK paths

Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 5:9 p.m.12 views

androidqf: Zip entry Name Injection in APK bundle (Zip Slip for zip consumers)

Summary generateZipPath constructs zip entry names for collected APKs using device controlled content from extractFileName. Since extractFileName does not reject traversal sequences, the resulting zip entry name can contain ../. AndroidQF itself does not extract the zip it creates, but any forens...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 5:5 p.m.11 views

Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing

Summary The fileID field from Manifest.db a SQLite database inside iOS backups, generated by the device is used directly in filesystem path construction without validation. This affects two commands through a shared code path: - mvt-ios decrypt-backup decrypt.py: fileid is used to construct both...

5.3CVSS6.3AI score0.00376EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 4:53 p.m.14 views

Klever-Go KVM read-only execution can commit contract delete and upgrade side effects

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...

6AI score0.00057EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 4:46 p.m.11 views

Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

HTTP transports expose unauthenticated PowerShell control with wildcard CORS There is an issue in the SSE and Streamable HTTP transport modes. The default stdio mode is not affected, but the documented HTTP modes expose the MCP control plane without authentication and add wildcard CORS handling...

9.3CVSS6.1AI score0.00397EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 4:36 p.m.13 views

OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the...

8.3CVSS5.8AI score0.00241EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 3:34 p.m.7 views

Apache Camel K: Kubernetes namespace authorized users can create a Build resource

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 9:32 a.m.6 views

Mattermost has a Path Traversal issue

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action UR...

9.9CVSS6AI score0.00249EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 9:32 a.m.4 views

Mattermost has an Incorrect Authorization issue

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 6:31 a.m.9 views

MLflow authenticated users can enumerate any registered model versions due to lack of per-model permissions checks

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

6.5CVSS6.3AI score0.00441EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/20 9:31 p.m.8 views

Drupal Core has a SQL Injection issue

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

9.8CVSS6.1AI score0.84631EPSS
Exploits14References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/20 9:7 p.m.40 views

Investigation update: GitHub Enterprise Server signing key rotation

May 26, 2026 : GitHub recently detected a cyber-attack and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. It's important to note that this investigation is still ongoing, and we will continue to...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/20 6:31 p.m.7 views

Keycloak: Insufficient verification proof scoping enables identity provider account linking attack and account compromise

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

8.1CVSS5.4AI score0.00312EPSS
Exploits0References10Affected Software1
Total number of security vulnerabilities33227