Insufficient Verification of Data Authenticity vulnerability in Apache APISIX.
The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity h
A vulnerability of plugin openid-connect in Apache APISIX.
This vulnerability will only have an impact if all of the following conditions are met:
1. Use the openid-connect plugin with introspection
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.
This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default.
This issue aff
Improper Input Validation vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers.
This issue affects Apache APISIX:
Improper Validation of Integrity Check Value vulnerability in Apache APISIX.
The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass.
This issue affects Apache APIS
Authentication Bypass by Spoofing vulnerability in Apache APISIX.
The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.
This issue affects Apach
Header injection vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers.
This issue affects Apache APISIX: from 2.
Authentication Bypass by Spoofing vulnerability in opa plugin.
An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin.
This could allow
Incorrect Authorization vulnerability in Apache APISIX.
An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different sou
Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.
This issue
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass. This issue affects OpenID Connect / OAuth client: from 0.0.0
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clien
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.
The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session to
Use of Less Trusted Source vulnerability in Apache APISIX.
Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information an
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connec
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.
The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft.
This issue
Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some cr
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, whic
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPrese
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gatew