CVE-2026-41213
The CVE concerns @node-oauth/oauth2-server, a Node.js OAuth2 server module. The token exchange path accepts RFC7636-invalid code_verifier values for S256 PKCE flows (including one-character verifiers). The underlying cause is that ABNF enforcement for code_verifier is not performed during token e...
PT-2026-34722
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code verifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...