
11 matches found

Cvelist
added 2026/05/14 5:36 a.m., 31 views

CVE-2026-1322 Business Logic Errors in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read_api scoped OAuth application to create issues and add comments to issues in private projects due t...

6.8 CVSS, 0.00011 EPSS
Exploits 0, References 3
Cvelist
added 2026/04/22 11:30 p.m., 32 views

CVE-2026-29198

In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...

0.00066 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/04/22 11:30 p.m., 3 views

CVE-2026-29198

In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...

5.8 AI score, 0.00066 EPSS
Exploits 0, References 2
RedhatCVE
added 2026/01/09 10:31 a.m., 4 views

CVE-2017-18872

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider...

4.3 CVSS, 6.9 AI score, 0.00152 EPSS
Exploits 0, References 1
SUSE CVE
added 2025/11/09 2:23 a.m., 2 views

SUSE CVE-2017-18872

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider...

4.3 CVSS, 6.9 AI score, 0.00152 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-9962

Malware in sbrugna...

4.3 CVSS, 4.9 AI score, 0.00152 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0181

Malware in sbrugna...

6.1 CVSS, 6.5 AI score, 0.00174 EPSS
Exploits 0, References 10
Github Security Blog
added 2024/11/27 9:43 p.m., 18 views

`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

Summary: A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. Details: go-gh sources authentication tokens from different environment variables depending on the host involved: - GITHUB_TOKEN...

7.5 CVSS, 7.3 AI score, 0.0008 EPSS
Exploits 0, References 9, Affected Software 2
The Hacker News
added 2024/02/13 11:10 a.m., 27 views

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is no...

7.6 AI score
Exploits 0
Cvelist
added 2020/06/19 5:44 p.m., 16 views

CVE-2017-18872

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider...

4.7 AI score, 0.00152 EPSS
Exploits 0, References 1
Hacker One
added 2020/02/13 9:46 p.m., 17 views

Kubernetes: Github test clientID and clientSecret leaked

Report Submission Form Summary: A github clientID and clientSecret for an oauth app are being leaked on github Description While looking for anything that is interesting on github I a clientID and clientSecret for a github oauth app hardcoded. While they have been removed a long time ago, they ar...

0.3 AI score
Exploits 0