EUVD-2026-31364

For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 suspended, banned, terminated employee can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...

CVE-2026-7887 For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status

For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 suspended, banned, terminated employee can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...

EUVD-2026-30743

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermo...

GHSA-3GX8-Q682-38MX OpenID Connect nonce generated but never validated — ID token replay attack

Summary The roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never stores it and never validates it on the callback. The OpenIdJwtConfigurationFactory validation chain does not include a...

CVE-2026-40948 Apache Airflow Providers Keycloak: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...

OpenBao lacks user confirmation for OIDC direct callback mode

Impact OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log-in to the session of the...

PT-2026-25055

Name of the Vulnerable Software and Affected Versions Tinyauth versions prior to 5.0.3 Description Tinyauth is an authentication and authorization server. The OIDC token endpoint does not verify that the client exchanging an authorization code is the same client to which the code was originally...

ionic-spid-poc-crs

SPID SSO POC — Ionic React + Node.js + Signicat Sandbox A p...

oidc-poc

OIDC SSO Proof of Concept Proof of concept for bidirectional...

EUVD-2020-5533

Malware in sbrugna...

EUVD-2023-2675

Malicious code in bioql PyPI...

EUVD-2023-36562

Malicious code in bioql PyPI...

CVE-2023-32312

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit fl...

PT-2024-37678 · Red Hat · Openshift Console

Name of the Vulnerable Software and Affected Versions: Openshift Console affected versions not specified Description: An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code type and implicit grant type of the OAuth2 protocol. This vulnerability...

Red Hat OpenShift 安全特征问题漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability exists in Red Hat OpenShift that stems from the OAuth2 protocol being vulnerable to cross-site request forge...

GitLab 12.3 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13272)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow CVE-2020-13272 Note that Nessus has not tested for this issue but...

quarkus-oidc: ID and access tokens leak via the authorization code flow

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

Insecure Session Cookie Handling

quarkus-oidc is vulnerable to Insecure OIDC Session Cookie Handling. The vulnerability exists because the library does not properly encrypt the OIDC session cookie value by default which leads to the leakage of both ID and access tokens in the authorization code flow when an insecure HTTP protoco...

GHSA-6HC9-CF8X-HF83 Quarkus OIDC can leak both ID and access tokens

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...