Lucene search
K

57 matches found

Snyk
Snyk
added last week4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of the PKCE S256 challenge during the OAuth2 token exchange process. An attacker can obtain access tokens without providing the expected code verifier by bypassing the intended...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added last week37 views

CVE-2026-26247 Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

0.00379EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 6:16 p.m.8 views

CVE-2026-47775

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS0.00219EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:23 p.m.6 views

CVE-2026-47775

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS5.9AI score0.00219EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 5:23 p.m.35 views

CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS0.00219EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52886

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description The OAuth2 HTTP filter uses AES-256-CBC in its encrypt and decrypt functions without an authentication tag...

6.8CVSS5.9AI score0.00219EPSS
Exploits1References19
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41213

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

5.9CVSS5.5AI score0.00259EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/05 4:20 p.m.7 views

Race Condition

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Race Condition through a race condition in the OAuth token exchange. An attacker can obtain multiple valid token pairs by making concurrent requests using the same authorization code and PKCE verifier. Remediation...

6.3CVSS5.4AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 5:33 p.m.4 views

GHSA-WXW3-Q3M9-C3JR Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE

Am I affected? Users are affected if all of the following are true: - The application uses better-auth at a version below 1.6.2 or @better-auth/sso paired with such a version. - betterAuth account: storeStateStrategy is set to "cookie". The default "database" is not affected. - The application...

5.3CVSS6AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/23 6:33 p.m.3 views

CVE-2026-41213 @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

5.9CVSS5.3AI score0.00259EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:33 p.m.4 views

CVE-2026-41213

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

5.9CVSS5.8AI score0.00259EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/23 6:33 p.m.9 views

EUVD-2026-25272

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

5.9CVSS5.8AI score0.00259EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 6:33 p.m.35 views

CVE-2026-41213

The CVE concerns @node-oauth/oauth2-server, a Node.js OAuth2 server module. The token exchange path accepts RFC7636-invalid code_verifier values for S256 PKCE flows (including one-character verifiers). The underlying cause is that ABNF enforcement for code_verifier is not performed during token e...

5.9CVSS5.8AI score0.00259EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/23 6:33 p.m.36 views

CVE-2026-41213 @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

5.9CVSS0.00259EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.9 views

PT-2026-34722

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code verifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

5.9CVSS5.8AI score0.00259EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.8 views

@node-oauth/oauth2-server 安全漏洞

@node-oauth/oauth2-server is an open-source Node.js OAuth2 server implementation that adheres to RFC standards. @node-oauth/oauth2-server has a security vulnerability; this vulnerability stems from the token exchange path accepting an invalid codeverifier value according to RFC7636, which may lea...

5.9CVSS5.8AI score0.00259EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/18 1:22 p.m.3 views

CVE-2026-40948

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.7AI score0.00328EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/16 11:36 p.m.4 views

BIT-AUTHENTIK-2023-48228 OAuth2: PKCE can be fully circumvented

authentik is an open-source identity provider. When initialising a oauth2 flow with a codechallenge and codemethod thus requesting PKCE, the single sign-on provider authentik must check if there is a matching and existing codeverifier during the token step. Prior to versions 2023.10.4 and 2023.8....

9.8CVSS7.3AI score0.01237EPSS
Exploits1References11
Snyk
Snyk
added 2026/04/16 9:9 p.m.10 views

Improper Validation of Unsafe Equivalence in Input

Overview @node-oauth/oauth2-server is a Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the token process. An attacker can obtain...

8.2CVSS5.8AI score0.00259EPSS
Exploits1References3
OSV
OSV
added 2026/04/16 9:9 p.m.11 views

GHSA-JHM7-29PJ-4XVF @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes

Summary The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the authorization code, an attacker who intercepts an authorization code can...

5.9CVSS5.9AI score0.00259EPSS
Exploits1References3
Rows per page
Query Builder