295 matches found

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-36562

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.4 · EPSS 0.00294
Exploits 0 · References 4
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-55030

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00059
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-3427

Malicious code in bioql PyPI...

CVSS 4.2 · AI score 5.6 · EPSS 0.00121
Exploits 0 · References 11
CNNVD
added 2025/09/30 12:00 a.m. · 1 view

Corezoid Process Engine security vulnerability

Corezoid Process Engine is an application from Corezoid, Inc. that helps companies build, manage, host and run processes in the cloud. A security vulnerability exists in Corezoid Process Engine version 6.6.0, which stems from an open redirect in the redirect_uri parameter in the OAut...

CVSS 7.5 · AI score 6.9 · EPSS 0.00059
Exploits 0 · References 2
Tenable Nessus
added 2025/08/30 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-7692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an...

CVSS 9.1 · AI score 7.2 · EPSS 0.00091
Exploits 1 · References 2
RedhatCVE
added 2025/07/06 2:18 a.m. · 8 views

CVE-2025-6238

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

CVSS 8 · AI score 6.6 · EPSS 0.00192
Exploits 0 · References 1
OSV
added 2025/07/04 3:15 a.m. · 2 views

CVE-2025-6238

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

CVSS 8 · AI score 5.9 · EPSS 0.00192
Exploits 0 · References 4
RedhatCVE
added 2025/07/03 3:22 p.m. · 5 views

CVE-2025-53099

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a...

CVSS 5.5 · AI score 7.2 · EPSS 0.00318
Exploits 0 · References 1
NVD
added 2025/07/01 3:15 p.m. · 8 views

CVE-2025-53099

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a...

CVSS 7.5 · EPSS 0.00318
Exploits 0 · References 8
Vulnrichment
added 2025/07/01 2:53 p.m. · 6 views

CVE-2025-53099 Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a...

CVSS 5.5 · AI score 6.5 · EPSS 0.00318
Exploits 0 · References 8
CVE
added 2025/07/01 2:53 p.m. · 57 views

CVE-2025-53099

CVE-2025-53099 affects Sentry prior to 25.5.0. A race condition in handling of OAuth authorization codes could allow a malicious OAuth app to maintain persistence on a user's account via timed requests/redirect flows and multiple authorization codes. The issue is mitigated by upgrading self-hoste...

CVSS 7.5 · AI score 6.5 · EPSS 0.00318
Exploits 0 · References 8 · Affected Software 1
CNNVD
added 2025/07/01 12:00 a.m. · 4 views

Sentry security vulnerability

Sentry is a developer-oriented bug tracking and performance monitoring platform from Sentry Open Source. A security vulnerability exists in versions of Sentry prior to 25.5.0 that stems from mishandling of a race condition and of authorization codes, which may be used as a way to keep user accoun...

CVSS 7.5 · AI score 6.8 · EPSS 0.00318
Exploits 0 · References 9
RedhatCVE
added 2025/05/23 9:54 a.m. · 5 views

CVE-2024-22258

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

CVSS 6.1 · AI score 6.9 · EPSS 0.00093
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 4:54 a.m. · 7 views

CVE-2023-2193

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token...

CVSS 9.1 · AI score 7 · EPSS 0.00271
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:28 a.m. · 7 views

CVE-2023-32312

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit fl...

CVSS 5.3 · AI score 6.9 · EPSS 0.00294
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 1:00 a.m. · 6 views

CVE-2016-3098

Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth authorization code...

CVSS 5.4 · AI score 7.1 · EPSS 0.00116
Exploits 0 · References 1
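The administrate entry above is the client-side failure: a relying party that accepts any callback carrying a code can be made to bind an attacker's authorization code (and so the attacker's account) to the victim's session by luring the victim onto the callback URL. The standard defence is the state parameter of RFC 6749 §10.12, generated per login, stored in the session and checked on return. The following is an added example, not administrate's code; the authorization endpoint, client_id and redirect URI are assumed values.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Added example, not code from administrate or any project in the listing above.
AUTHORIZE_ENDPOINT = "https://idp.example.com/oauth/authorize"   # assumption
CLIENT_ID = "demo-client"                                         # assumption
REDIRECT_URI = "https://app.example.com/oauth/callback"          # assumption


def start_authorization(session: dict) -> str:
    """Begin the flow: store a fresh random state in the user's session and build the redirect."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": "read", "state": state})
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if the callback belongs to a flow this session started."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use, consumed even when the check fails
    if expected is None:
        raise ValueError("no authorization in progress for this session")
    received = params.get("state", [""])[0]
    if not secrets.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: this callback was not initiated by this session")
    if "error" in params:
        raise ValueError(f"authorization server error: {params['error'][0]}")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def callback_accepted(session: dict, callback_url: str) -> bool:
    """Convenience wrapper: True if handle_callback would hand back a code."""
    try:
        handle_callback(session, callback_url)
        return True
    except ValueError:
        return False
```

A forged callback fails in either of the two ways an attacker has available: with no state at all, or with a state guessed for a session whose value is 256 bits of CSPRNG output. Popping the stored state before comparing also means a replayed legitimate callback is rejected.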
RedhatCVE
added 2025/04/26 6:26 a.m. · 3 views

CVE-2025-43916

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have...

CVSS 3.4 · AI score 7 · EPSS 0.00182
Exploits 0 · References 1
NVD
added 2025/04/21 2:15 p.m. · 8 views

CVE-2025-43916

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have...

CVSS 3.4 · EPSS 0.00182
Exploits 0 · References 1
Cvelist
added 2025/04/21 12:00 a.m. · 9 views

CVE-2025-43916

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have...

CVSS 3.4 · EPSS 0.00182
Exploits 0 · References 1
Positive Technologies
added 2025/04/21 12:00 a.m. · 2 views

PT-2025-17434 · Sonos · Sonos

Name of the Vulnerable Software and Affected Versions: Sonos versions through 2025-04-21. Description: The issue concerns the /login/v3/oauth endpoint, which accepts a redirect_uri containing userinfo in the authority component. This is inconsistent with RFC 6819 section 5.2.3.5, potentially...

CVSS 3.4 · AI score 6.3 · EPSS 0.00182
Exploits 0 · References 6
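The Corezoid, AI Engine (CVE-2025-6238) and Sonos (CVE-2025-43916) entries are all redirect_uri validation failures at the authorization endpoint: either the parameter is not checked at all, or it is checked loosely enough that `https://app.example.com@attacker.example/` passes as the registered host while the browser delivers the code to attacker.example. The following is an added example, not code from Corezoid, the AI Engine plugin or Sonos, of the check RFC 6749 §3.1.2.2 and RFC 6819 §5.2.3.5 call for: exact string comparison against the client's registered URIs, with the loopback exception of RFC 8252 §7.3 for native apps. The client registry and all hostnames are constructed for the demonstration.

```python
from urllib.parse import urlsplit

# Added example, not the code of any product in the listing above.
# Constructed registry of client_id -> registered redirect URIs (assumption).
REGISTERED_REDIRECTS = {
    "web-client": ["https://app.example.com/oauth/callback"],
    "native-client": ["http://127.0.0.1/callback"],   # loopback; the port varies per launch (RFC 8252 §7.3)
}
LOOPBACK_HOSTS = {"127.0.0.1", "::1"}


def check_redirect_uri(client_id: str, redirect_uri: str) -> tuple[bool, str]:
    """Return (accepted, reason). Accept only a redirect_uri that exactly matches one
    registered for client_id, after rejecting the constructions used to smuggle the
    authorization code somewhere else."""
    registered = REGISTERED_REDIRECTS.get(client_id)
    if not registered:
        return False, "unknown client or no registered redirect_uri"
    try:
        parts = urlsplit(redirect_uri)
        _ = parts.port   # raises ValueError on a malformed port such as ':abc'
    except ValueError as exc:
        return False, f"unparseable redirect_uri: {exc}"
    if parts.scheme not in ("https", "http"):
        return False, "scheme must be https (or http for loopback)"
    # RFC 6819 §5.2.3.5: no userinfo in the authority. Python parses
    # "https://app.example.com@attacker.example/" with username app.example.com
    # and hostname attacker.example, exactly where a browser would send the code.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in authority component"
    if parts.fragment:
        return False, "fragment not allowed in redirect_uri"
    is_loopback = parts.hostname in LOOPBACK_HOSTS
    if parts.scheme == "http" and not is_loopback:
        return False, "plain http is only accepted for loopback redirects"
    for candidate in registered:
        c = urlsplit(candidate)
        if is_loopback and c.hostname in LOOPBACK_HOSTS:
            # Native apps listen on an ephemeral port: compare everything except the port.
            if (c.scheme, c.hostname, c.path, c.query) == (parts.scheme, parts.hostname, parts.path, parts.query):
                return True, "loopback match"
        elif candidate == redirect_uri:
            # Simple string comparison: no prefix, suffix, subdomain or dot-segment normalisation.
            return True, "exact match"
    return False, "redirect_uri not registered for this client"
```

The exact-match rule is what defeats the variants that open-redirect findings usually come with: a subdomain of the registered host, a `/../` path that normalises to the callback, and an extra query parameter such as `next=` that the callback page itself will follow. Validation has to happen before the user is shown a consent page and again when the code is redeemed, where the token endpoint compares the same string against the one bound to the code.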