Lucene search
K

49 matches found

Vulnrichment
Vulnrichment
added 2025/11/07 12:0 a.m.2 views

CVE-2025-63784

An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...

6.4AI score0.00408EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/10/29 10:13 p.m.6 views

CVE-2025-62800

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...

6.1CVSS6.3AI score0.0025EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/02/12 12:0 a.m.4 views

WordPress Plugin Analytics Insights for Google Analytics 4 (AIWP) Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.1CVSS6.5AI score0.01254EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2023/11/20 11:25 p.m.45 views

Possible user mocking that bypasses basic authentication

Impact next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow state, PKCE or nonce. Manually overriding the...

5.3CVSS6.5AI score0.007EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2023/11/20 7:15 p.m.16 views

Design/Logic Flaw

NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...

5CVSS6.9AI score0.007EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/11/20 6:25 p.m.34 views

CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication

NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...

5.3CVSS5.4AI score0.007EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/03/29 1:15 p.m.3 views

CVE-2022-28133

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create BitBucket Server consumers...

5.4CVSS5.8AI score0.00792EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/11/16 6:0 p.m.6 views

UBUNTU-CVE-2021-3939

Ubuntu-specific modifications to accountsservice in patch file debian/patches/0010-set-language.patch caused the fallbacklocale variable, pointing to static storage, to be freed, in the userchangelanguageauthorizedcb function. This is reachable via the SetLanguage dbus function. This is fixed in...

7.8CVSS5.8AI score0.00347EPSS
Exploits0References3
Hacker One
Hacker One
added 2017/12/04 5:5 a.m.19 views

X (Formerly Twitter): Improper Host Detection During Team Up on tweetdeck.twitter.com

Hi Give this url https://twitter.com/teams/authorize?targetscreenname=&authorizecallback=https%3A%2F%2F%0Agoogle.com%[email protected] to any authorised user for team up and after authorization of his 2nd account he will be redirected to google.com . First I tried to make it malicious with adding...

6.8AI score
Exploits0
Rows per page
Query Builder