Lucene search
K

67 matches found

CVE
CVE
added yesterday19 views

CVE-2026-55672

Summary (concrete details) : The CVE concerns Zitadel, an open-source identity management platform. The vulnerability occurs in the OAuth2/OIDC CodeExchange and RefreshToken flows (and related device token flow) where verification that the requesting client matches the originally authorized clien...

7.4CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added yesterday27 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 8:19 p.m.5 views

EUVD-2026-41629

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

5.9AI score0.00379EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.13 views

CVE-2026-26247

Gitea versions before 1.25.5 are affected by an OAuth2 PKCE S256 verification weakness during the authorization/token-exchange flow. The underlying issue is that PKCE S256 is not persisted/validated correctly, allowing token exchange without the required verifier check. Impact is a potential acce...

9.1CVSS5.9AI score0.00379EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-26247

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

5.9AI score0.00379EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.8 views

PT-2026-55597

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software fails to correctly persist the OAuth2 PKCE S256 challenge method during the authorization process. This flaw allows for token exchange without the required verifier check. PKCE Proof Key...

9.1CVSS6.2AI score0.00379EPSS
Exploits0References7
OSV
OSV
added 2026/06/18 1:52 p.m.4 views

GHSA-XQXV-4JC2-X56X ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

Summary Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

7.4CVSS6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/18 1:52 p.m.8 views

ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

Summary Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

7.4CVSS5.9AI score
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/06/18 1:52 p.m.3 views

Incorrect Authorization

Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Incorrect Authorization in the CodeExchange and RefreshToken processes. An attacker can gain unauthorized access to user accounts or maintain persiste...

9.1CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:52 p.m.11 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the CodeExchange and RefreshToken processes. An attacker can gain unauthorized access to user accounts or maintain persistent access from an unauthorized client by presenting intercepted authorization codes or...

9.1CVSS6AI score
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 p.m.12 views

CVE-2026-36537

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

9.8CVSS0.00511EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.38 views

CVE-2026-36537

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

0.00511EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-22880

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

6.1CVSS5.5AI score0.00117EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:20 p.m.8 views

GHSA-8M7C-HF24-5G47 NocoDB: OAuth Authorization Code Race Condition

Summary Two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. Details The token-exchange flow read isused and called markAsUsed as an unconditional upda...

6.3CVSS5.6AI score0.00197EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:22 a.m.9 views

CVE-2026-22880

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

6.1CVSS5.9AI score0.00117EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42432

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

6.1CVSS5.9AI score0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have security vulnerabilities. These vulnerabilities stem from the lack of mandatory...

3.8CVSS5.9AI score0.00118EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/15 5:33 p.m.10 views

Cross-site Request Forgery (CSRF)

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF when building an errorURL in parseGenericState, when the storeStateStrategy is set to "cookie" and PKCE is disabled. An...

5.9CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2026/04/23 7:17 p.m.4 views

CVE-2026-41213

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

5.9CVSS0.00259EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/23 6:33 p.m.9 views

EUVD-2026-25272

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

5.9CVSS5.8AI score0.00259EPSS
Exploits1References1
Rows per page
Query Builder