332 matches found
CVE-2026-53518
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...
CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...
CVE-2026-53518
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...
CVE-2026-53518
CVE-2026-53518 affects the Better Auth ecosystem, specifically the @better-auth/oauth-provider token endpoint for the authorization_code grant (and legacy paths via oidc-provider/mcp plugins). A race condition arises from a non-atomic find-then-delete when redeeming a single-use authorization cod...
CVE-2026-55672
Summary (concrete details) : The CVE concerns Zitadel, an open-source identity management platform. The vulnerability occurs in the OAuth2/OIDC CodeExchange and RefreshToken flows (and related device token flow) where verification that the requesting client matches the originally authorized clien...
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.11...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through a race condition in the authorizationcode grant handler. An attacker can obtain multiple valid access...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview @better-auth/oauth-provider is an An oauth provider plugin for Better Auth Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through a race condition in the authorizationcode grant handler. An attacker can obtain multiple valid access,...
@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...
PT-2026-56302
Name of the Vulnerable Software and Affected Versions @better-auth/oauth-provider versions 1.6.0 through 1.6.10 better-auth versions 1.4.8-beta.7 through 1.6.10 Description The POST /oauth2/token endpoint for the authorization code grant redeems a single-use authorization code using a non-atomic...
EUVD-2026-41941
Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...
Replay Attack
Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...
CVE-2026-26232
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...
CVE-2026-26232
Gitea before 1.25.5 is vulnerable to a replay attack due to inadequate enforcement of OAuth2 authorization code expiry and single-use behavior during the token exchange. The Snyk entries describe the issue across affected code paths (e.g., models/auth and routers/web/auth) and state that an attac...
CVE-2026-26232
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...
EUVD-2026-41628
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...
CVE-2026-26232 Gitea OAuth2 authorization codes lack expiry and reuse enforcement
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...
CVE-2026-26232 Gitea OAuth2 authorization codes lack expiry and reuse enforcement
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...
PT-2026-55596
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software does not consistently enforce the expiry and single-use requirement of OAuth2 authorization codes during the token exchange process. OAuth2 is a standard for access delegation, allowing...
GHSA-9RC6-8CJV-RCVX Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection
Description The getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero validation of the Host header: go func getRedirectURLc gin.Context string scheme := "http://" referer := c.Request.Referer if...