Lucene search
K

4514 matches found

CVE
CVE
added 4 hours ago8 views

CVE-2026-9571

Mattermost CVE-2026-9571 affects versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, and 10.11.x

5.9CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 7 hours ago45 views

Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery

The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via...

6.1CVSS6.4AI score0.71601EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago63 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS6.1AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago12 views

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7AI score0.62368EPSS
Exploits2References2
Nuclei
Nuclei
added 7 hours ago41 views

Discourse OAuth Social Login - Cross-site Scripting

Discourse versions prior to 3.5.0.beta6 contain a stored Cross-Site Scripting XSS vulnerability in the OAuth/social login functionality. The vulnerability is caused by lack of proper content security policy enforcement when processing social login failures,allowing remote attackers to inject and...

8.1CVSS6.2AI score0.0063EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago23 views

VMware Workspace ONE Access - Authentication Bypass

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. id: CVE-2022-22956...

9.8CVSS7.2AI score0.50694EPSS
Exploits5References4
CVE
CVE
added 3 days ago6 views

CVE-2026-57807

The CVE-2026-57807 entry concerns miniOrange OAuth Single Sign On - SSO (OAuth Client) for WordPress, affected through version 38.5.8. The vulnerability is an Authentication Bypass via an alternate path or channel (broken authentication), enabling Password Recovery Exploitation. No exploitation d...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-57219

RabbitMQ suffers an unauthenticated disclosure vulnerability in the management API: the obsolete GET /api/auth endpoint can reveal the OAuth 2 client secret on installations configured with management.oauth_client_secret prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The issue arises when ...

8.7CVSS6.1AI score0.0033EPSS
Exploits0References6
CVE
CVE
added 3 days ago5 views

CVE-2026-57218

RabbitMQ AMQP 0-9-1 vulnerability (CVE-2026-57218) allows an existing consumer to continue receiving messages after OAuth token expiry or update_secret refresh, due to channel user state changes not triggering reauthorization at delivery time. Root cause: existing consumers are not canceled or re...

4.9CVSS6.1AI score0.00269EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-55672

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS0.00276EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 3 days ago4 views

CVE-2026-8609

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score0.00359EPSS
Exploits0
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-8609 Pre-authentication denial of service via the OAuth login route

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score0.00359EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-8609 Pre-authentication denial of service via the OAuth login route

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS0.00359EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-42759

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42758

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...

8.1CVSS6AI score0.00422EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-12595

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...

8.1CVSS0.00347EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-12597

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...

8.1CVSS0.00422EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-57277

Name of the Vulnerable Software and Affected Versions miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn versions prior to 7.7.1 Description An authentication bypass exists in the Profile Completion flow that allows for account takeover. The issue occurs because the plugin...

9.8CVSS6.2AI score0.00463EPSS
Exploits0References12
CVE
CVE
added 4 days ago11 views

CVE-2026-12595

CVE-2026-12595 concerns the LoginPress Pro WordPress plugin. It enables an unauthenticated attacker to bypass authentication via an unverified Discord email. The flaw resides in the loginpress_on_discord_login() OAuth callback handler, which accepts the email from Discord’s /users/@me response wi...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-12598

CVE-2026-12598 affects the LoginPress Pro WordPress plugin (≤ 6.2.3) via the Spotify Social Login addon. The vulnerability arises because loginpress_on_spotify_login() trusts the unverified email from Spotify’s /v1/me endpoint and uses that email with get_user_by('email') to identify/login an exi...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References2
Rows per page
Query Builder