CVE-2026-44501

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

CVE-2026-44501

DataHub frontend (datahub-frontend-react) prior to 1.5.0.3 deserializes attacker-controlled Java objects from the REDIRECT_URL cookie during the OIDC callback (GET /callback/oidc) with no integrity protection. This CWE-502 Deserialization of Untrusted Data vulnerability requires a valid user acco...

CVE-2026-41473

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...

CVE-2026-41472

CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unauthenticated attackers to inject malicious JavaScript by overwriting the findingsjson field of...

CVE-2026-41473

CyberPanel before 2.4.4 is affected by an authentication bypass in the AI Scanner worker API endpoints. The endpoints /api/ai-scanner/status-webhook and /api/ai-scanner/callback allow unauthenticated remote writes to the database, enabling storage exhaustion DoS, corruption of scan history, and p...

CVE-2026-41472

CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unauthenticated attackers to inject malicious JavaScript by overwriting the findingsjson field of...

CVE-2026-41472

CVE-2026-41472 affects CyberPanel versions prior to 2.4.4. The stored XSS occurs in the AI Scanner dashboard via POST /api/ai-scanner/callback where no authentication is required, allowing an attacker to overwrite the findings_json field in ScanHistory records and inject JavaScript. The injected ...

PT-2026-35083

Name of the Vulnerable Software and Affected Versions CyberPanel versions prior to 2.4.4 Description A stored cross-site scripting issue exists in the AI Scanner dashboard. The endpoint '/api/ai-scanner/callback' does not require authentication, allowing unauthenticated attackers to inject...

EUVD-2026-10824

Feathers has an OAuth Callback Account Takeover issue...

CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

CVE-2026-24898

OpenEMR before version 8.0.0 contains an unauthenticated disclosure in the MedEx callback endpoint. The endpoint bypasses authentication ($ignoreAuth = true) and returns the full JSON response, including MedEx API tokens, when a callback_key is posted. This enables unauthenticated visitors to obt...

EUVD-2026-9328

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

CVE-2026-28415

A flaw was found in Gradio, an open-source Python package. The redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter. A remote attacker can exploit this vulnerability by crafting a malicious URL, leading to an open redirect. This allows the attacker to...

PT-2026-22414

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.6.0 Description Gradio is a Python package for rapid prototyping. A flaw exists in the OAuth flow where the redirect to target function does not properly validate the target url query parameter. This allows redirecti...

CVE-2025-14461

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...

CVE-2025-14461

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...