22 matches found
CVE-2026-41427
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...
Incorrect Authorization
Overview @better-auth/oauth-provider is an OAuth provider plugin for Better Auth. Affected versions of this package are vulnerable to Incorrect Authorization via the createOAuthClientEndpoint endpoint. An attacker can gain unauthorized access to register OAuth clients by bypassing the intended...
GHSA-XR8F-H2GW-9XH6 OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Am I affected? You're affected if all of the following are true: - Using @better-auth/oauth-provider at version specified below - You configured clientPrivileges in the plugin options expecting it to gate who can create OAuth clients - The /oauth2/create-client or /admin/oauth2/create-client...
OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Am I affected? You're affected if all of the following are true: - Using @better-auth/oauth-provider at version specified below - You configured clientPrivileges in the plugin options expecting it to gate who can create OAuth clients - The /oauth2/create-client or /admin/oauth2/create-client...
Improper Validation of Certificate with Host Mismatch
Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the GalaxyFDSClientImpl.createHttpClient function. An attacker can intercept and modify communications by performing a man-in-the-middle attack when TLS hostname verification ...
EUVD-2011-4998
Malware in sbrugna...
EUVD-2025-27268
Malicious code in bioql PyPI...
CVE-2025-57817
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...
CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Summary The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. Details When creating or updating OAuth...
GHSA-HJFH-P8F5-24WR Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Summary The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. Details When creating or updating OAuth...
CVE-2011-5098
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
...
SUSE CVE-2021-47425
In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle calls bus_find_device which takes a reference on the adapter which is never released which will result in a reference count leak and render...
DEBIAN-CVE-2021-47425
In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle calls bus_find_device which takes a reference on the adapter which is never released which will result in a reference count leak and render...
PT-2021-22727 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.7 and later Description: The application may allow a malicious user to create an OAuth client application with arbitrary scope names, potentially tricking unsuspecting users into authorizing the malicious client...
CVE-2019-11270
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess...
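The Better Auth, Fides, Chef and UAA entries above share one failure mode: an OAuth client creation (or update) endpoint persists the client without first checking that the caller is allowed to create clients at all, or without bounding the client's scopes by what the creator actually holds. The following is an added example, not code from any of those projects, showing both checks in a minimal registry; every name in it (Session, PrivilegeHook, ClientRegistry, adminOnly, attempt) is hypothetical, and the vulnerable createUnchecked method is kept only to contrast with the hardened create method.

```typescript
// Added example, not code from Better Auth, Fides, Chef or UAA. All names here
// (Session, PrivilegeHook, ClientRegistry, adminOnly, attempt) are hypothetical.
// It shows the two checks the advisories describe as missing:
//   1. consult the configured privilege hook before persisting a new client;
//   2. refuse to grant a client any scope the creator does not hold.

type Action = "create" | "update";

interface Session {
  userId: string;
  roles: string[];
  scopes: string[]; // scopes the caller actually holds
}

interface ClientRecord {
  clientId: string;
  ownerId: string;
  scopes: string[];
}

// Hypothetical per-action gate, in the spirit of a "clientPrivileges" option.
type PrivilegeHook = (action: Action, session: Session) => boolean;

// Scopes in `requested` that `held` does not cover; non-empty means escalation.
function escalatedScopes(requested: string[], held: string[]): string[] {
  const heldSet = new Set(held);
  return requested.filter((s) => !heldSet.has(s));
}

class ClientRegistry {
  private readonly store = new Map<string, ClientRecord>();

  constructor(private readonly privileges: PrivilegeHook) {}

  // Vulnerable pattern: persists the client without consulting the hook and
  // without bounding the requested scopes. Kept only to contrast with create().
  createUnchecked(session: Session, clientId: string, scopes: string[]): ClientRecord {
    const record: ClientRecord = { clientId, ownerId: session.userId, scopes: [...scopes] };
    this.store.set(clientId, record);
    return record;
  }

  // Hardened form: gate the action, bound the scopes, then persist.
  create(session: Session, clientId: string, scopes: string[]): ClientRecord {
    this.authorize("create", session, scopes);
    if (this.store.has(clientId)) throw new Error(`conflict: client ${clientId} exists`);
    const record: ClientRecord = { clientId, ownerId: session.userId, scopes: [...scopes] };
    this.store.set(clientId, record);
    return record;
  }

  // The update path needs the same two checks; an update-only bypass is the
  // same bug under a different verb.
  updateScopes(session: Session, clientId: string, scopes: string[]): ClientRecord {
    this.authorize("update", session, scopes);
    const existing = this.store.get(clientId);
    if (!existing) throw new Error(`not found: ${clientId}`);
    const record: ClientRecord = { ...existing, scopes: [...scopes] };
    this.store.set(clientId, record);
    return record;
  }

  get(clientId: string): ClientRecord | undefined {
    return this.store.get(clientId);
  }

  private authorize(action: Action, session: Session, scopes: string[]): void {
    if (!this.privileges(action, session)) {
      throw new Error(`forbidden: ${session.userId} may not ${action} clients`);
    }
    const extra = escalatedScopes(scopes, session.scopes);
    if (extra.length > 0) {
      throw new Error(`forbidden: creator does not hold scope(s) ${extra.join(", ")}`);
    }
  }
}

// Example hook: only callers with the "admin" role may create or update clients.
const adminOnly: PrivilegeHook = (_action, session) => session.roles.includes("admin");

// Runs fn and returns the thrown error message, or null if it succeeded.
function attempt(fn: () => unknown): string | null {
  try {
    fn();
    return null;
  } catch (e) {
    return (e as Error).message;
  }
}

// Usage with constructed sessions: an unprivileged caller is refused outright.
const registry = new ClientRegistry(adminOnly);
const lowPriv: Session = { userId: "carol", roles: ["user"], scopes: ["read"] };
console.log(attempt(() => registry.create(lowPriv, "demo-app", ["read"])));
```

The two checks are deliberately applied before the store is touched, and the same authorize step runs for update as for create; several of the listed advisories concern a creation endpoint that was fixed while an update or admin-prefixed path kept the old behaviour.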
Apache CXF Fediz Cross-Site Request Forgery Vulnerability
Apache CXF is an open source Web services framework from the Apache Software Foundation (United States). The framework supports a variety of Web services standards, a variety of front-end programming APIs, etc. Apache CXF Fediz is one of its subprojects, mainly used to provide authenticatio...