295 matches found
EUVD-2026-10408
Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange...
CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps
An HTTP Host header attack vulnerability affects the WebClient and WebScheduler web apps of PcVue in versions 15.0.0 through 16.3.3 inclusive, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...
CVE-2026-25649 Traccar Vulnerable to Authorization Code Theft via Open Redirect in OIDC Provider Endpoints
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 authorization codes by exploiting an open redirect vulnerability in two OIDC-related endpoints. The redirect_uri parameter is not validated against a...
CVE-2026-25649
Traccar (open-source GPS tracking) up to version 6.11.1 is affected by CVE-2026-25649 due to an open redirect in two OIDC endpoints. The redirect_uri is not validated against a whitelist, enabling authenticated users to steal OAuth 2.0 authorization codes by steering them to attacker‑controlled U...
ionic-spid-poc-crs
SPID SSO POC — Ionic React + Node.js + Signicat Sandbox A p...
oidc-poc
OIDC SSO Proof of Concept Proof of concept for bidirectional...
CVE-2017-18924
oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...
EUVD-2020-19412
Malware in sbrugna...
EUVD-2018-0441
Malware in sbrugna...
EUVD-2021-2044
Malware in sbrugna...
EUVD-2020-5533
Malware in sbrugna...
EUVD-2019-0551
Malware in sbrugna...
EUVD-2025-10094
Malicious code in bioql PyPI...
EUVD-2024-19958
Malicious code in bioql PyPI...
EUVD-2024-1035
Malicious code in bioql PyPI...
EUVD-2022-7166
Malicious code in bioql PyPI...
EUVD-2023-2675
Malicious code in bioql PyPI...