Lucene search
+L

12 matches found

CVE
CVE
added 2026/06/12 6:42 p.m.33 views

CVE-2026-42604

The CVE concerns Actual Budget’s sync-server (local-first Personal Finance tool). Versions ≤ 26.4.0 expose the full OpenID Connect configuration, including the OAuth2 client_secret, via POST /openid/config to callers who know the bootstrap password. The endpoint lacks authentication and rate limi...

9.1CVSS5.3AI score0.004EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 7:33 p.m.7 views

GHSA-WG65-39GG-5WFJ Prometheus Azure AD remote write OAuth client secret exposed via config API

Impact Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/16 9:23 a.m.33 views

CVE-2025-14844 Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcpstripecreatesetupintentforsavedcard' function due to missing capability check. Additionally, the plugin does not check a user-controlled...

8.2CVSS0.00419EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-23270

Malicious code in bioql PyPI...

4.4CVSS6.4AI score0.00207EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1374

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00397EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/05/31 1:26 a.m.2 views

SUSE CVE-2025-48374

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f, when using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout...

6.9CVSS6.9AI score0.00152EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 3:42 a.m.13 views

CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

6.5CVSS6.7AI score0.00397EPSS
Exploits0References1
NVD
NVD
added 2025/05/22 9:15 p.m.17 views

CVE-2025-48374

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f, when using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout...

6.9CVSS0.00152EPSS
Exploits0References2
CVE
CVE
added 2025/01/24 4:33 p.m.887 views

CVE-2025-22610

Summary: CVE-2025-22610 affects Coolify prior to 4.0.0-beta.361, where missing authorization lets any authenticated user fetch and modify the global OAuth configuration, exposing the OAuth client ID and client secret for every custom provider. Affected component/flow: global Coolify OAuth configu...

7.1CVSS6.4AI score0.00376EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/11/22 7:58 p.m.9 views

CVE-2024-53253 Sentry's improper error handling leaks Application Integration Client Secret

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

5.3CVSS6.6AI score0.00628EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2024/10/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9014

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...

9.9CVSS5.8AI score0.09685EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/12 5:5 p.m.6 views

CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

7AI score0.00397EPSS
Exploits0References2
Rows per page
Query Builder