6 matches found

NVD
added 2026/06/12 4:16 p.m. · 11 views

CVE-2026-50083

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

CVSS 9.1 · EPSS 0.00246
Exploits 0 · References 2
Positive Technologies
added 2026/05/14 12:00 a.m. · 11 views

PT-2026-40933

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.43; n8n versions prior to 2.20.7; n8n versions prior to 2.22.1. Description: An authenticated user with permissions to create or modify workflows can achieve global prototype pollution through an unvalidated pagination...

CVSS 9.9 · AI score 6 · EPSS 0.00632
Exploits 1 · References 12
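The PT-2026-40933 summary above ends before it says how the pagination input reaches the prototype. The block below is an added illustration, not n8n's or Positive Technologies' code, of the usual shape of such a bug: a JSON-parsed pagination object whose `__proto__` key is walked by a recursive merge into defaults, next to a merge that refuses the dangerous keys and a validator that only copies the fields the endpoint expects. The request body, the `unsafeMerge`/`safeMerge`/`parsePagination` names and the `isAdmin` property are all assumed for the demonstration; nothing here reproduces the actual n8n code path.

```javascript
// Added example (not n8n's code): prototype pollution through an unvalidated
// pagination object that is deep-merged into defaults, and two fixes.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: a recursive merge that trusts every key in `source`.
// For the key "__proto__", target[key] resolves (via the inherited accessor)
// to Object.prototype, so the recursion writes the attacker's properties
// onto every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: skip the keys that reach the prototype chain, and only
// descend into properties the target actually owns (never an inherited one).
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.hasOwn(target, key) || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Better still: do not merge request objects at all. Copy out the expected
// fields, check their types and ranges, and discard everything else.
function parsePagination(raw) {
  const page = Number(raw?.page ?? 1);
  const limit = Number(raw?.limit ?? 20);
  if (!Number.isInteger(page) || page < 1) throw new TypeError('page must be a positive integer');
  if (!Number.isInteger(limit) || limit < 1 || limit > 100) throw new TypeError('limit must be 1..100');
  return { page, limit };
}

function demo() {
  // Constructed hostile body. JSON.parse creates an *own* property named
  // "__proto__"; a bracket-notation query parser fed ?__proto__[isAdmin]=true
  // yields the same object.
  const hostile = JSON.parse('{"page": 2, "limit": 50, "__proto__": {"isAdmin": true}}');
  const defaults = () => ({ page: 1, limit: 20, sort: { field: 'id' } });
  const out = {};

  unsafeMerge(defaults(), hostile);
  out.unsafePolluted = ({}).isAdmin === true;   // every object is now "admin"
  delete Object.prototype.isAdmin;              // undo so the rest runs on a sane heap

  const merged = safeMerge(defaults(), hostile);
  out.safePolluted = ({}).isAdmin === true;
  out.safeLimit = merged.limit;                 // the legitimate field is still merged
  out.safeHasProtoKey = Object.hasOwn(merged, '__proto__');

  out.validated = parsePagination(hostile);     // only page and limit survive
  return out;
}

console.log(demo());
```

The `delete Object.prototype.isAdmin` line exists only so the demo can show both merges in one process; in a real service there is no undo, which is why an unauthenticated-looking `{}` object carrying `isAdmin` from a single polluted request is so damaging.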
Snyk
added 2026/04/16 9:52 p.m. · 8 views

Missing Authentication for Critical Function

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the public-chatbotConfig and oauth2-credential/refresh endpoints. An attacker can obtain OAuth 2.0 access tokens for third-party services by retrieving...

CVSS 10 · AI score 5.5 · EPSS 0.00308
Exploits 1 · References 2
OSV
added 2022/11/04 7:01 p.m. · 2 views

GHSA-5R3H-C3R7-9W4H Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth 2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man-in-the-middle attack and intercept and/or...

CVSS 8.1 · AI score 5.9 · EPSS 0.00704
Exploits 1 · References 5
Hacker One
added 2016/01/13 2:14 p.m. · 20 views

X (Formerly Twitter): Bypassing Digits bridge origin validation

Hi, I would like to report an issue in the bridge proxy in Digits which allows an attacker to retrieve the OAuth credential data of an application victims authorized. Detail: In the Digits Web SDK, the method getLoginStatus can be used to retrieve the OAuth credential data of an application if the us...

AI score 6.7
Exploits 0
Hacker One
added 2016/01/04 4:49 p.m. · 33 views

X (Formerly Twitter): Bypassing callback_url validation on Digits

Hi, I would like to report an issue in Digits which allows an attacker to bypass the callbackurl validation of an application and thus take over an account. Detail: Digits is a part of the Fabric SDK which offers phone-based sign-in. It also provides a web login flow. In the navigation-based...

AI score 7
Exploits 0
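Both Digits reports above turn on a validation step: which page origin may receive credential data from the bridge, and which callback URL the login flow may redirect to. The block below is an added, generic illustration of how those two checks are written strictly; it is not Twitter's or Digits' code and does not reproduce the specific bypass found in either report. The origin, the registered callback, the candidate URLs and the function names are assumed for the demonstration.

```javascript
// Added example (not Twitter's/Digits' code): exact-match validation of a
// message origin and of an OAuth callback URL, beside the prefix check that
// lookalike hosts, userinfo and path tricks defeat. Hostnames are assumed.

// Origins allowed to receive credential data from the bridge (assumed).
const ALLOWED_ORIGINS = ['https://app.example.com'];
// Callback URLs registered for the application (assumed).
const REGISTERED_CALLBACKS = ['https://app.example.com/cb'];

// Origin check: parse, then compare the serialized origin as a whole.
// A substring or regex test would accept https://app.example.com.evil.net;
// the literal string "null" (sandboxed frames) fails to parse and is refused.
function isAllowedOrigin(origin, allowed = ALLOWED_ORIGINS) {
  let parsed;
  try { parsed = new URL(origin); } catch { return false; }
  return allowed.includes(parsed.origin);
}

// Callback check: scheme, host (with any non-default port) and the
// normalized path must equal a registered entry. Userinfo, query and
// fragment on the candidate are refused so the redirect target cannot be
// steered anywhere else.
function isAllowedCallback(candidate, registered = REGISTERED_CALLBACKS) {
  let url;
  try { url = new URL(candidate); } catch { return false; }
  if (url.protocol !== 'https:') return false;
  if (url.username || url.password) return false;
  if (url.search || url.hash) return false;
  return registered.some((entry) => {
    const reg = new URL(entry);
    return reg.protocol === url.protocol && reg.host === url.host && reg.pathname === url.pathname;
  });
}

// The weak check, kept only for contrast: a raw string prefix.
function prefixCallbackCheck(candidate, prefix = 'https://app.example.com') {
  return candidate.startsWith(prefix);
}

// Constructed candidates covering the usual bypass shapes.
const CANDIDATES = [
  'https://app.example.com/cb',                        // legitimate
  'https://APP.EXAMPLE.COM:443/cb',                    // same URL after normalization
  'https://app.example.com.evil.net/cb',               // lookalike suffix
  'https://app.example.com@evil.net/cb',               // userinfo trick
  'https://app.example.com/cb/../admin',               // path climbs to another endpoint
  'https://app.example.com/cb?next=https://evil.net',  // open-redirect chaining
  'http://app.example.com/cb',                         // scheme downgrade
];

// Returns, per candidate, what the prefix check and the strict check decide.
function evaluateCandidates() {
  const out = {};
  for (const c of CANDIDATES) {
    out[c] = { prefix: prefixCallbackCheck(c), strict: isAllowedCallback(c) };
  }
  return out;
}

console.log(evaluateCandidates());
```

Note that the strict check accepts the upper-cased, port-443 form because it compares parsed components rather than raw strings; a raw string comparison would have rejected a legitimate client while the prefix check was accepting five hostile ones.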