Vulnerabilities in ory
14 results

CVE-2020-15223 (HIGH, EPSS 1.6%): Ignored storage errors on token revokation in ORY Fosite
CVE-2021-32701 (HIGH, EPSS 1.3%): Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
CVE-2020-5300 (MEDIUM, EPSS 1.0%): Disallow replay of `private_key_jwt` by blacklisting JTIs in Hydra
CVE-2020-15222 (HIGH, EPSS 0.9%): Replay of private_key_jwt possible in ORY Fosite
CVE-2020-15234 (MEDIUM, EPSS 0.8%): Redirect URL matching ignores character casing
CVE-2020-15233 (MEDIUM, EPSS 0.8%): OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
CVE-2026-33494 (CRITICAL, EPSS 0.5%): Ory Oathkeeper has a path traversal authorization bypass
CVE-2026-33506 (HIGH, EPSS 0.4%): DOM-Based XSS in Ory Polis Login Page
CVE-2026-33504 (HIGH, EPSS 0.3%): Ory Hydra has a SQL injection via forged pagination tokens
CVE-2026-33496 (HIGH, EPSS 0.3%): Ory Oathkeeper has an authentication bypass by cache key confusion
CVE-2024-45042 (MEDIUM, EPSS 0.3%): Ory Kratos's `highest_available` setting does not properly respect code + mfa credentials
CVE-2026-33503 (HIGH, EPSS 0.3%): Ory Kratos has a SQL injection via forged pagination tokens
CVE-2026-33495 (MEDIUM, EPSS 0.2%): Ory Oathkeeper has an authentication bypass by usage of untrusted header
CVE-2026-33505 (HIGH, EPSS 0.2%): Ory Keto has a SQL injection via forged pagination tokens