A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. A ...
Continue Reading
July 04, 2025
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which ...
Continue Reading
July 04, 2025
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GE ...
Continue Reading
July 04, 2025
MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the...Read More ...
Continue Reading
July 04, 2025
MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass...Read More ...
Continue Reading
July 04, 2025
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. A ...
Continue Reading
July 03, 2025
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker ...
Continue Reading
July 03, 2025
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which m ...
Continue Reading
July 03, 2025
Back to Main
