16 matches found

OSV, added 2026/06/18 1:52 p.m., 4 views

GHSA-XQXV-4JC2-X56X ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

Summary: Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

CVSS 7.4, AI score 6, Exploits 0, References 5
Positive Technologies, added 2026/06/18 12:00 a.m., 11 views

PT-2026-50741

Name of the Vulnerable Software and Affected Versions: Zitadel versions 4.0.0 through 4.15.1; Zitadel versions 3.0.0 through 3.4.11. Description: The OAuth2 / OIDC CodeExchange and RefreshToken implementations fail to validate that the requesting client matches the client that originally initiated th...

CVSS 7.4, AI score 6, Exploits 0, References 7
Vulnrichment, added 2026/05/18 6:33 a.m., 8 views

CVE-2026-6334 OAuth authorization code client binding not enforced during token redemption in Mattermost

Mattermost versions 11.5.x <= 11.5.1 and 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow, which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request. Mattermo...

CVSS 3.1, AI score 5.9, EPSS 0.00118, Exploits 0, References 1
CVE, added 2026/05/18 6:33 a.m., 26 views

CVE-2026-6334

Mattermost versions 11.5.x <= 11.5.1 and 10.11.x

CVSS 3.8, AI score 5.9, EPSS 0.00118, Exploits 0, References 1, Affected Software 1
Cvelist, added 2026/05/18 6:33 a.m., 48 views

CVE-2026-6334 OAuth authorization code client binding not enforced during token redemption in Mattermost

Mattermost versions 11.5.x <= 11.5.1 and 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow, which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request. Mattermo...

CVSS 3.1, EPSS 0.00118, Exploits 0, References 1
Positive Technologies, added 2026/05/18 12:00 a.m., 12 views

PT-2026-41644

Name of the Vulnerable Software and Affected Versions: Mattermost versions 11.5.0 through 11.5.1; Mattermost versions 10.11.0 through 10.11.13. Description: An issue exists in the OAuth authorization code redemption flow where client identity binding is not enforced. This allows an authenticated OAut...

CVSS 3.8, AI score 5.9, EPSS 0.00118, Exploits 0, References 9
OSV, added 2026/03/12 8:57 p.m., 4 views

GO-2026-4689 Tinyauth's OIDC authorization codes are not bound to client on token exchange in github.com/steveiliop56/tinyauth

Tinyauth's OIDC authorization codes are not bound to client on token exchange in github.com/steveiliop56/tinyauth. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...

CVSS 6.5, AI score 5.8, EPSS 0.0025, Exploits 1, References 3
Cvelist, added 2026/03/12 6:57 p.m., 24 views

CVE-2026-32245 Tinyauth's OIDC authorization codes are not bound to client on token exchange

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...

CVSS 6.5, EPSS 0.0025, Exploits 1, References 3
CVE, added 2026/03/12 6:57 p.m., 13 views

CVE-2026-32245

CVE-2026-32245 concerns Tinyauth, an authentication/authorization server. The issue, present before 5.0.3, is that the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client to which the code was issued. A malicious OIDC client operator can exchang...

CVSS 6.5, AI score 5.8, EPSS 0.0025, Exploits 1, References 3, Affected Software 1
OSV, added 2026/03/12 6:57 p.m., 5 views

CVE-2026-32245 Tinyauth's OIDC authorization codes are not bound to client on token exchange

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...

CVSS 6.5, AI score 5.9, EPSS 0.0025, Exploits 1, References 5
EUVD, added 2026/03/12 4:38 p.m., 6 views

EUVD-2026-11679

Tinyauth's OIDC authorization codes are not bound to client on token exchange...

CVSS 6.5, AI score 5.8, EPSS 0.0025, Exploits 1, References 3
Github Security Blog, added 2026/03/12 4:38 p.m., 7 views

Tinyauth's OIDC authorization codes are not bound to client on token exchange

Summary: The OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their own client credentials, obtaining tokens for users who never...

CVSS 6.5, AI score 5.9, EPSS 0.0025, Exploits 1, References 6, Affected Software 1
OSV, added 2026/03/12 4:38 p.m., 4 views

GHSA-XG2Q-62G2-CVCM Tinyauth's OIDC authorization codes are not bound to client on token exchange

Summary: The OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their own client credentials, obtaining tokens for users who never...

CVSS 6.5, AI score 5.9, EPSS 0.0025, Exploits 1, References 6
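The missing check that the Zitadel, Mattermost and Tinyauth entries above all describe, as an added example in Go that is not code from any of those projects. It models a token endpoint's authorization-code exchange twice: ExchangeVulnerable looks the code up and consumes it without comparing the redeeming client to the issuing client, which is the defect; ExchangeHardened adds the RFC 6749 Section 4.1.3 checks (the code was issued to the authenticated client, the redirect_uri is repeated verbatim, the code is single use). The types, the client IDs app-a and app-b, the user alice and the code value are all constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"sync"
)

// Token-endpoint error codes from RFC 6749 Section 5.2.
var (
	ErrInvalidGrant  = errors.New("invalid_grant")
	ErrInvalidClient = errors.New("invalid_client")
)

// AuthCode is what the authorization endpoint stores when it issues a code.
// ClientID is the client_id of the /authorize request; the code is bound to it.
type AuthCode struct {
	ClientID    string
	Subject     string // end user who approved the request
	RedirectURI string // redirect_uri of the /authorize request, if one was sent
	Used        bool
}

// TokenRequest is the part of a grant_type=authorization_code request that matters
// here. ClientID is the client the token endpoint has already authenticated
// (or the client_id parameter of a public client).
type TokenRequest struct {
	Code        string
	ClientID    string
	RedirectURI string
}

// Grant is the result of a successful exchange; a real server mints tokens from it.
type Grant struct {
	Subject  string
	ClientID string
}

type CodeStore struct {
	mu    sync.Mutex
	codes map[string]*AuthCode
}

func NewCodeStore() *CodeStore { return &CodeStore{codes: map[string]*AuthCode{}} }

// Issue records a freshly issued code. The value is passed in (a real server
// generates it randomly) so the example stays deterministic.
func (s *CodeStore) Issue(code string, ac AuthCode) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.codes[code] = &ac
}

// ExchangeVulnerable reproduces the defect in the advisories: the code is found and
// consumed, but the redeeming client is never compared with the client the code was
// issued to, so any registered client can redeem any code it gets hold of.
func (s *CodeStore) ExchangeVulnerable(req TokenRequest) (*Grant, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	ac, ok := s.codes[req.Code]
	if !ok || ac.Used {
		return nil, ErrInvalidGrant
	}
	ac.Used = true
	return &Grant{Subject: ac.Subject, ClientID: req.ClientID}, nil // tokens go to the requester
}

// ExchangeHardened applies the RFC 6749 Section 4.1.3 token-endpoint checks.
func (s *CodeStore) ExchangeHardened(req TokenRequest) (*Grant, error) {
	if req.ClientID == "" {
		return nil, ErrInvalidClient // no client identity, nothing to bind the code to
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	ac, ok := s.codes[req.Code]
	if !ok {
		return nil, ErrInvalidGrant
	}
	if ac.Used {
		// Replay of a consumed code (Section 4.1.2): deny and drop the record;
		// a real server would also revoke tokens already minted from it.
		delete(s.codes, req.Code)
		return nil, ErrInvalidGrant
	}
	// The check the vulnerable path lacks: the code must belong to this client.
	// Any failure below consumes the code, treating it as compromised (a design
	// choice of this example, not something the advisories prescribe).
	ac.Used = true
	if subtle.ConstantTimeCompare([]byte(ac.ClientID), []byte(req.ClientID)) != 1 {
		return nil, ErrInvalidGrant
	}
	// redirect_uri must be repeated verbatim when the /authorize request had one.
	if ac.RedirectURI != "" && ac.RedirectURI != req.RedirectURI {
		return nil, ErrInvalidGrant
	}
	return &Grant{Subject: ac.Subject, ClientID: ac.ClientID}, nil
}

// Outcome renders an exchange result the way the token response would read.
func Outcome(g *Grant, err error) string {
	if err != nil {
		return "denied: " + err.Error()
	}
	return fmt.Sprintf("tokens for %q issued to client %q", g.Subject, g.ClientID)
}

func main() {
	// Constructed scenario: alice authorizes client "app-a"; the operator of a second
	// registered client, "app-b", obtains the code and redeems it with app-b's credentials.
	store := NewCodeStore()
	issued := AuthCode{ClientID: "app-a", Subject: "alice", RedirectURI: "https://app-a.example/cb"}
	crossClient := TokenRequest{Code: "c1", ClientID: "app-b", RedirectURI: "https://app-a.example/cb"}

	store.Issue("c1", issued)
	fmt.Println("vulnerable:", Outcome(store.ExchangeVulnerable(crossClient)))
	store.Issue("c1", issued) // reissue so the hardened path sees a fresh code
	fmt.Println("hardened:  ", Outcome(store.ExchangeHardened(crossClient)))
}
```

Run it with `go run`: the vulnerable path hands app-b a grant for alice, the hardened path answers invalid_grant and the code is gone. The same binding applies to the refresh_token grant the Zitadel entry also names: a refresh token issued to one client must be rejected when a different authenticated client presents it, and the comparison belongs at the token endpoint, not in the client, since the attacker here is a registered client using its own valid credentials.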
RedhatCVE, added 2025/05/23 7:09 a.m., 6 views

CVE-2024-48416

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding...

CVSS 8.8, AI score 8.7, EPSS 0.00458, Exploits 1, References 1
CVE, added 2025/01/27 12:00 a.m., 56 views

CVE-2024-48416

CVE-2024-48416 affects Edimax AC1200 Wi‑Fi 5 Dual‑Band Router BR‑6476AC (firmware 1.06). The vulnerability is a buffer overflow in the /goform/fromSetLanDhcpsClientbinding endpoint, caused by lack of input size validation. Exploitation can lead to a remote attacker executing arbitrary commands or...

CVSS 8.8, AI score 7.2, EPSS 0.00458, Exploits 1, References 2, Affected Software 1
SUSE CVE, added 2023/02/15 6:03 a.m., 4 views

SUSE CVE-2009-2087

The Web Services functionality in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...

CVSS 2.1, AI score 6.5, EPSS 0.00217, Exploits 0, References 3