Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.8 views

CVE-2026-44166

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

7.6CVSS5.4AI score0.00247EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.8 views

PT-2025-51284

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration versions 10.0 and 10.1 Description A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. An attacker with access to these credentials could impersonate the...

4.7CVSS6.7AI score0.00239EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/12/13 12:0 a.m.18 views

FreeBSD : Gitlab -- Vulnerabilities (275ac414-b847-11ef-9877-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 275ac414-b847-11ef-9877-2cf05da270f3 advisory. Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response...

8.7CVSS5.7AI score0.0075EPSS
Exploits8References12
FreeBSD
FreeBSD
added 2024/12/11 12:0 a.m.29 views

Gitlab -- Vulnerabilities

Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response could lead to ATO abusing OAuth flows Denial of Service by repeatedly sending unauthenticated requests for diff-files CIJOBTOKEN could be used to obtain GitLab session Open redirect in releases API...

8.7CVSS6.4AI score0.0075EPSS
Exploits8References1
NVD
NVD
added 2024/07/09 2:15 p.m.23 views

CVE-2024-2177

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...

6.8CVSS0.00651EPSS
Exploits1References2
OSV
OSV
added 2024/07/09 2:15 p.m.3 views

UBUNTU-CVE-2024-2177

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...

6.8CVSS5.8AI score0.00651EPSS
Exploits1References4
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/09/22 4:0 p.m.33 views

Malicious OAuth applications abuse cloud email services to spread spam

Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange Online settings and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against...

0.1AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/07/14 5:0 p.m.31 views

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...

0.2AI score
Exploits0
FireEye
FireEye
added 2018/05/21 11:15 a.m.523 views

Shining a Light on OAuth Abuse with PwnAuth

Introduction Spear phishing attacks are seen as one of the biggest cyber threats to an organization. It only takes one employee to enter their credentials or run some malware for an entire organization to become compromised. As such, companies devote significant resources to preventing credential...

Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/05/08 6:13 p.m.27 views

Pawn Storm – A Look Into this Cyberespionage Actor Group

In April 2017 my monthly threat webinar focused on a cyberespionage group our Forward-Looking Threat Researcher, Feike Hacquebord, has been following for many years and recently published a report into the most recent two years of activities. In this post I want to focus on their tools and tactic...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2016/12/20 7:14 a.m.197 views

Pornhub: Account takeover via Pornhub Oauth

The researcher found it was possible to take over a YouPorn account by using an unverified account with matching email address to sign up to PornHub. this vulnerability works by abusing an insecure OAuth implementation. Due to improperly implemented oauth fuctionality and lack of user information...

1.3AI score
Exploits0
Rows per page
Query Builder