59 matches found

RedhatCVE (added 2026/05/13 8:23 p.m., 6 views)

CVE-2026-42206

Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never...

CVSS 7.1, AI score 5.7, EPSS 0.00021
Exploits: 0, References: 1
Snyk (added 2026/05/13 1:36 a.m., 6 views)

Incorrect Authorization

Overview: authlib is a library for building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Incorrect Authorization via the validate_authorization_request function. An attacker can cause the server to redirect users to arbitrary URLs by submitting a crafted...

CVSS 6.1, AI score 5.9, EPSS 0.0004
Exploits: 1, References: 3
RedhatCVE (added 2026/04/04 5:00 p.m., 1 view)

CVE-2026-5467

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...

CVSS 6.1, AI score 5.5, EPSS 0.00008
Exploits: 0, References: 1
Github Security Blog (added 2026/04/03 12:31 p.m., 2 views)

Casdoor vulnerable to Open Redirect

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...

CVSS 6.1, AI score 5.5, EPSS 0.00008
Exploits: 0, References: 5, Affected Software: 1
OSV (added 2026/04/03 12:31 p.m., 0 views)

GHSA-MJ24-PQX2-6788 Casdoor vulnerable to Open Redirect

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...

CVSS 5.3, AI score 5.5, EPSS 0.00008
Exploits: 0, References: 5
NVD (added 2026/04/03 12:16 p.m., 0 views)

CVE-2026-5467

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...

CVSS 6.1, EPSS 0.00008
Exploits: 0, References: 3
CVE (added 2026/04/03 11:45 a.m., 5 views)

CVE-2026-5467

Casdoor 2.356.0 contains a vulnerability in the OAuth Authorization Request Handler where manipulating the redirect_uri enables an open redirect. The issue can be triggered remotely; a public exploit exists. The vendor was contacted but did not respond. No remediation details are provided in the sour...

CVSS 6.1, AI score 5.5, EPSS 0.00008
Exploits: 0, References: 3, Affected Software: 1
NVD (added 2026/03/16 7:16 p.m., 2 views)

CVE-2025-69196

FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for...

CVSS 7.4, EPSS 0.00022
Exploits: 1, References: 1
NVD (added 2025/11/12 7:15 p.m., 3 views)

CVE-2025-64099

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claims_parameter_supported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the id_token or ...

CVSS 9.3, EPSS 0.00055
Exploits: 0, References: 1
EUVD (added 2025/10/07 12:30 a.m., 1 view)

EUVD-2015-8348

Malware in sbrugna...

CVSS 7.4, AI score 7.3, EPSS 0.00344
Exploits: 0, References: 8
EUVD (added 2025/10/07 12:30 a.m., 3 views)

EUVD-2019-0393

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.00358
Exploits: 0, References: 6
EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-2019-6842

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.00395
Exploits: 0, References: 5
EUVD (added 2025/10/03 8:07 p.m., 1 view)

EUVD-2022-1699

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6, EPSS 0.00587
Exploits: 0, References: 4
EUVD (added 2025/10/03 8:07 p.m., 2 views)

EUVD-2025-0052

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.00418
Exploits: 0, References: 8
RedhatCVE (added 2025/05/23 12:42 a.m., 4 views)

CVE-2022-22969

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

CVSS 6.5, AI score 6.8, EPSS 0.00587
Exploits: 0, References: 1
RedhatCVE (added 2025/05/22 6:44 a.m., 5 views)

CVE-2019-15941

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration with weaker access control rules than the...

CVSS 9.8, AI score 6.6, EPSS 0.00395
Exploits: 0, References: 1
Github Security Blog (added 2025/01/09 9:31 p.m., 26 views)

Vaultwarden vulnerable to user impersonation

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request...

CVSS 9.8, AI score 6.9, EPSS 0.00418
Exploits: 0, References: 7, Affected Software: 1
NVD (added 2025/01/09 9:15 p.m., 9 views)

CVE-2024-55225

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request...

CVSS 9.8, EPSS 0.00418
Exploits: 0, References: 3
OSV (added 2025/01/09 9:15 p.m., 2 views)

CVE-2024-55225

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request...

CVSS 9.8, AI score 6.9
Exploits: 0, References: 3
CNNVD (added 2025/01/09 12:00 a.m., 1 view)

Vaultwarden security vulnerability

Vaultwarden is an alternative implementation of the Bitwarden server API written in Rust by Daniel García (individual developer). A security vulnerability exists in Vaultwarden versions prior to v1.32.5. An attacker exploiting this vulnerability could impersonate a user via a specially crafted...

CVSS 9.8, AI score 6.2, EPSS 0.00418
Exploits: 0, References: 3