Lucene search
+L

77 matches found

euvd
euvd
added yesterday4 views

EUVD-2026-44745

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References3
attackerkb
attackerkb
added yesterday4 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS6.1AI score0.00029EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added yesterday18 views

CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS0.00029EPSS
Exploits0References3
cvelist
cvelist
added 6 days ago32 views

CVE-2026-12761 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.7.0 - Unauthenticated Authentication Bypass to Administrator Account Takeover via Profile Completion OTP Flow

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the...

9.8CVSS0.00463EPSS
Exploits0References6
github
github
added 2026/07/07 8:56 p.m.9 views

@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...

7.6CVSS6AI score0.00029EPSS
Exploits0References3Affected Software2
github
github
added 2026/07/07 8:11 p.m.6 views

Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth and has enabled at least one of: oidcProvider imported from better-auth/plugins/oidc-provider, or mcp imported from better-auth/plugins/mcp. - Their application has at least one confidential...

9.1CVSS6.1AI score0.00013EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.7 views

PT-2026-56302

Name of the Vulnerable Software and Affected Versions @better-auth/oauth-provider versions 1.6.0 through 1.6.10 better-auth versions 1.4.8-beta.7 through 1.6.10 Description The POST /oauth2/token endpoint for the authorization code grant redeems a single-use authorization code using a non-atomic...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.5 views

PT-2026-56297

Name of the Vulnerable Software and Affected Versions better-auth versions prior to 1.6.11 Description The legacy oidcProvider and mcp plugins expose an OAuth 2.0 token endpoint that fails to authenticate confidential clients during the refresh token grant. The system authenticates requests based...

9.1CVSS5.9AI score0.00013EPSS
Exploits0References8
euvd
euvd
added 2026/07/04 5:52 p.m.10 views

EUVD-2026-41686

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

5.9AI score0.00186EPSS
Exploits0References3
osv
osv
added 2026/07/02 7:21 p.m.2 views

GHSA-4Q9J-6299-GXMR Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1/oauth

Summary The Dragonfly Manager exposes GET /api/v1/oauth and GET /api/v1/oauth/:id to unauthenticated clients. The response body deserializes the entire manager/models.Oauth struct, which includes the clientsecret field. Any network-reachable attacker can read the OAuth client secrets configured f...

6.3CVSS6AI score
Exploits0References2
nvd
nvd
added 2026/06/26 5:16 p.m.9 views

CVE-2026-56823

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4CVSS0.0015EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 4:2 p.m.8 views

EUVD-2026-39797

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References1
snyk
snyk
added 2026/06/12 11:7 a.m.9 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to a race condition in the AbstractOAuthDataProvider method when handling refresh tokens if the recycleRefreshTokens...

9.1CVSS5.4AI score0.00294EPSS
Exploits0References2
githubexploit
githubexploit
added 2026/06/11 2:6 a.m.78 views

Exploit for Improper Authentication in Pocketbase

CVE-2026-44166 — PocketBase OAuth2 Account Pre-Hijacking Self...

7.6CVSS5.4AI score0.00247EPSS
Exploits1
cvelist
cvelist
added 2026/05/22 6:52 p.m.14 views

CVE-2026-40166 authentik: Non-admin user can retrieve confidential OAuth client_secret via /api/v3/oauth2/access_tokens/

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the clientsecret of confidential OAuth2 providers they have previously authenticated against, exposing...

7.1CVSS0.0046EPSS
Exploits0References3
nvd
nvd
added 2026/05/12 6:17 p.m.16 views

CVE-2026-44166

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

7.6CVSS0.00247EPSS
Exploits1References1
github
github
added 2026/04/16 10:44 p.m.11 views

OAuth 2.1 Provider: Unprivileged users can register OAuth clients

Am I affected? You're affected if all of the following are true: - Using @better-auth/oauth-provider at version specified below - You configured clientPrivileges in the plugin options expecting it to gate who can create OAuth clients - The /oauth2/create-client or /admin/oauth2/create-client...

7.1CVSS5.4AI score0.00212EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/04/06 4:1 p.m.24 views

CVE-2026-34969

Nhost CVE-2026-34969 affects the Nhost project (auth service) where, before 0.48.0, the OAuth provider callback incorrectly appended the refresh token as a URL query parameter during redirect. This caused refresh tokens to be exposed in browser history, server logs, HTTP Referer headers, and prox...

7.5CVSS5.9AI score0.00267EPSS
Exploits1References1Affected Software1
snyk
snyk
added 2026/04/01 11:36 p.m.5 views

Use of GET Request Method With Sensitive Query Strings

Overview Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the OAuth provider callback flow. An attacker can gain unauthorized access to sensitive information by intercepting refresh tokens exposed in URL query parameters through browser...

7.5CVSS5.8AI score0.00267EPSS
Exploits1References2
nvd
nvd
added 2026/03/12 7:16 p.m.4 views

CVE-2026-32242

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37, Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent...

9.1CVSS0.00261EPSS
Exploits0References3
Rows per page
Query Builder