Lucene search
+L

135459 matches found

nvd
nvd
added yesterday6 views

CVE-2026-58660

Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...

8.1CVSS
Exploits0References4
nvd
nvd
added yesterday5 views

CVE-2026-53515

Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new SSO provider to that organization because registerSSOProvider checks only for a membership row a...

7.1CVSS0.00028EPSS
Exploits0References4
nvd
nvd
added yesterday5 views

CVE-2026-20298

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS
Exploits0References1
osv
osv
added yesterday4 views

GHSA-6QVR-WJMV-V8MM Koel: Incomplete fix for CVE-2026-47260 — systemic SSRF in podcast & radio fetch paths

Summary The fix for CVE-2026-47260 v9.3.5 added an initial isSafeUrl check to several fetchers synchronizeEpisodes, getStreamableUrl, AddRadioStation, EpisodePlayable, but the redirect-target validation — the per-hop Guzzle onredirect callback added in follow-up commit be1e867 — was applied to on...

7.1CVSS6.1AI score
Exploits0References7
github
github
added yesterday6 views

Koel: Incomplete fix for CVE-2026-47260 — systemic SSRF in podcast & radio fetch paths

Summary The fix for CVE-2026-47260 v9.3.5 added an initial isSafeUrl check to several fetchers synchronizeEpisodes, getStreamableUrl, AddRadioStation, EpisodePlayable, but the redirect-target validation — the per-hop Guzzle onredirect callback added in follow-up commit be1e867 — was applied to on...

7.7CVSS6.1AI score0.00263EPSS
Exploits0References7Affected Software1
osv
osv
added yesterday4 views

GHSA-RV48-QQJ5-CRXG Protobuf: Unbounded recursion depth in embedded-message decoding

Summary Unbounded recursion depth in Protobuf.Decoder Hex package protobuf, versions = 0.8.0, 0.16.1 lets an unauthenticated attacker crash any service that decodes untrusted protobuf messages whose schema contains a self-referential or cyclic message type. A small request body a few KB to a few ...

8.2CVSS6.1AI score
Exploits0References4
github
github
added yesterday6 views

Protobuf: Unbounded recursion depth in embedded-message decoding

Summary Unbounded recursion depth in Protobuf.Decoder Hex package protobuf, versions = 0.8.0, 0.16.1 lets an unauthenticated attacker crash any service that decodes untrusted protobuf messages whose schema contains a self-referential or cyclic message type. A small request body a few KB to a few ...

6.1AI score
Exploits0References4Affected Software1
osv
osv
added yesterday2 views

CVE-2026-53517 Better Auth OAuth Provider: Refresh Token Rotation Race Condition Allows Concurrent Replay and Token Family Forking

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References5
vulnrichment
vulnrichment
added yesterday4 views

CVE-2026-53517 Better Auth OAuth Provider: Refresh Token Rotation Race Condition Allows Concurrent Replay and Token Family Forking

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References3
euvd
euvd
added yesterday4 views

EUVD-2026-44745

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References3
cve
cve
added yesterday10 views

CVE-2026-53517

CVE-2026-53517 affects Better Auth’s oauth-provider (and related memory adapter) prior to version 1.6.11. The POST /oauth2/token refresh_token flow performs a non-atomic read–validate–revoke–mint sequence on the oauthRefreshToken row, allowing concurrent requests with the same parent refresh toke...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References3
attackerkb
attackerkb
added yesterday2 views

CVE-2026-53517

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References4Affected Software2
cvelist
cvelist
added yesterday20 views

CVE-2026-53517 Better Auth OAuth Provider: Refresh Token Rotation Race Condition Allows Concurrent Replay and Token Family Forking

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS0.00029EPSS
Exploits0References3
osv
osv
added yesterday4 views

GHSA-WJHR-76VG-2HVC garminconnect Has Insecure Permission Assignment for Garmin OAuth Token Store

Insecure Permission Assignment for Garmin OAuth Token Store Summary garminconnect ≤ 0.3.4 wrote its OAuth token store to disk without restricting file-system permissions. Under the default Linux umask 022 the token file garmintokens.json was created world-readable 0o644. The file contains the DI...

8.4CVSS6.1AI score
Exploits0References5
github
github
added yesterday9 views

garminconnect Has Insecure Permission Assignment for Garmin OAuth Token Store

Insecure Permission Assignment for Garmin OAuth Token Store Summary garminconnect ≤ 0.3.4 wrote its OAuth token store to disk without restricting file-system permissions. Under the default Linux umask 022 the token file garmintokens.json was created world-readable 0o644. The file contains the DI...

6.1AI score
Exploits0References5Affected Software1
osv
osv
added yesterday4 views

GHSA-8Q6Q-M837-FV64 Koel has SSRF through Authenticated Subsonic podcast feed URLs

Summary Koel's Subsonic createPodcastChannel.view endpoint accepts a user supplied podcast feed URL and fetches it server-side before applying the safe URL checks that are used for podcast episode enclosure URLs. An authenticated Subsonic API user can provide a loopback or internal URL as the fee...

6.4CVSS6.1AI score
Exploits0References3
github
github
added yesterday8 views

Koel has SSRF through Authenticated Subsonic podcast feed URLs

Summary Koel's Subsonic createPodcastChannel.view endpoint accepts a user supplied podcast feed URL and fetches it server-side before applying the safe URL checks that are used for podcast episode enclosure URLs. An authenticated Subsonic API user can provide a loopback or internal URL as the fee...

6.1AI score
Exploits0References3Affected Software1
osv
osv
added yesterday2 views

CVE-2026-53515 Better Auth: Privilege escalation via SSO provider registration: missing admin role check in @better-auth/sso

Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new SSO provider to that organization because registerSSOProvider checks only for a membership row a...

7.1CVSS6.1AI score0.00028EPSS
Exploits0References6
euvd
euvd
added yesterday4 views

EUVD-2026-44740

Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new SSO provider to that organization because registerSSOProvider checks only for a membership row a...

7.1CVSS6.1AI score0.00028EPSS
Exploits0References4
cve
cve
added yesterday5 views

CVE-2026-53515

CVE-2026-53515 : The Better Auth library, specifically the @better-auth/sso plugin, contains a privilege escalation in versions 1.2.10 through 1.6.11. The POST /sso/register endpoint incorrectly allows any organization member to attach a new SSO provider because registerSSOProvider checks only fo...

7.1CVSS6.1AI score0.00028EPSS
Exploits0References4
Rows per page
Query Builder