15 matches found
CVE-2026-27193
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...
CVE-2026-27193 Feathers exposes internal headers via unencrypted session cookie
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...
CVE-2026-27193 Feathers exposes internal headers via unencrypted session cookie
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...
CVE-2026-27192 Feathers has an origin validation bypass via prefix matching
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...
CVE-2026-27192 Feathers has an origin validation bypass via prefix matching
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...
CVE-2026-27192
Feathersjs vulnerability CVE-2026-27192 affects 5.0.39 and earlier. The origin validation in getAllowedOrigin() uses startsWith() to compare Referer against allowed origins, which can be bypassed by registering a domain with a shared prefix (e.g., https://target.com.attacker.com vs https://target...
CVE-2026-27192 Feathers has an origin validation bypass via prefix matching
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...
CVE-2026-27191 Feathers: Open Redirect in OAuth callback enables account takeover
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to...
CVE-2026-27191 Feathers: Open Redirect in OAuth callback enables account takeover
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to...
PT-2026-21347
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...
PT-2026-21348
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...
Open Redirect
Overview @feathersjs/authentication-oauth is an oAuth 1 and 2 authentication for Feathers. Powered by Grant. Affected versions of this package are vulnerable to Open Redirect due to the improper validation of redirect query parameter. An attacker can obtain a victim's access token and impersonate...
MySQL安全调用特权提升漏洞
MySQL是一款开放源代码的数据库程序。 MySQL在部分函数过程中不正确恢复访问特权,远程攻击者可以利用漏洞提升权限,进行其他攻击。 目前没有详细漏洞细节提供。 MySQL AB MySQL 5.1.17 MySQL AB MySQL 5.1.16 MySQL AB MySQL 5.1.15 MySQL AB MySQL 5.1.14 MySQL AB MySQL 5.1.13 MySQL AB MySQL 5.1.12 MySQL AB MySQL 5.1.11 MySQL AB MySQL 5.1.10 MySQL AB MySQL 5.1.9 MySQL AB MySQL 5.1...
CVE-2007-2583
The indecimal::set function in itemcmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service crash via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference...
Oracle MySQL < 5.0.40 IF Query NULL Dereference DoS
Binary data 3985.prm...