24 matches found

Positive Technologies
added 2026/05/04 12:0 a.m., 4 views

PT-2026-36902

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.32, n8n versions prior to 2.17.4, n8n versions prior to 2.18.1
Description: The '/mcp-oauth/register' endpoint allows OAuth client registrations without authentication, which permits the registration of arbitrary...

CVSS 5.1, AI score 5.9, EPSS 0.00056
Exploits: 0, References: 5

Snyk
added 2026/02/11 8:56 p.m., 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via sensitive API endpoints. Low-privileged users can bypass authorization checks to access /api/users, /api/oauth, /api/notifier/amazonsns, and /api/settings/export.
Remediation: There is no fixed version for...

CVSS 5.4, AI score 5.5, EPSS 0.00102
Exploits: 1, References: 2

OSV
added 2026/02/11 8:16 p.m., 3 views

CVE-2024-26477

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazonsns, export endpoints...

CVSS 7.5, AI score 5.9, EPSS 0.00058
Exploits: 1, References: 4

NVD
added 2026/02/11 8:16 p.m., 4 views

CVE-2024-26477

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazonsns, export endpoints...

CVSS 7.5, EPSS 0.00058
Exploits: 1, References: 4

CNNVD
added 2026/02/11 12:0 a.m., 2 views

statping-ng security vulnerability

Statping-ng is an open-source server monitoring software developed by Statping-ng. Version 0.91.0 of Statping-ng contains a security vulnerability. This vulnerability stems from improper handling of specially crafted requests for endpoint API parameters such as oauth, amazonsns, and export, which...

CVSS 7.5, AI score 5.8, EPSS 0.00058
Exploits: 1, References: 4

Positive Technologies
added 2026/02/11 12:0 a.m., 2 views

PT-2026-7651

Name of the Vulnerable Software and Affected Versions: Statping-ng version 0.91.0
Description: An issue allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon sns, and export API endpoints.
Recommendations: Apply updates to address the issu...

CVSS 7.5, AI score 5.4, EPSS 0.00058
Exploits: 1, References: 8

ATTACKERKB
added 2026/02/11 12:0 a.m., 2 views

CVE-2024-26477

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazonsns, export endpoints...

AI score 5.5, EPSS 0.00058
Exploits: 1, References: 5

CNNVD
added 2025/12/05 12:0 a.m., 1 view

HedgeDoc cross-site request forgery vulnerability

HedgeDoc is a JavaScript-based real-time editing and sharing platform for Markdown documents from the HedgeDoc team. A cross-site request forgery vulnerability exists in HedgeDoc versions prior to 1.10.4, which stems from a lack of CSRF protection in the OAuth2 endpoint and could lead to cross-si...

CVSS 4.3, AI score 6.4, EPSS 0.00015
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-8957

Malware in sbrugna...

CVSS 6.1, AI score 5.4, EPSS 0.00307
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-6540

Malware in sbrugna...

CVSS 4.3, AI score 8.9, EPSS 0.00478
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-0968

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.5, EPSS 0.00529
Exploits: 0, References: 11

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-12378

Malicious code in bioql PyPI...

CVSS 3.4, AI score 6.6, EPSS 0.00182
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a...

CVSS 9.8, AI score 8.1, EPSS 0.00112
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 3:12 p.m., 7 views

CVE-2020-13312

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter...

CVSS 9.8, AI score 6.4, EPSS 0.00112
Exploits: 0

ATTACKERKB
added 2023/10/05 1:15 p.m., 1 view

CVE-2022-4145

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation...

CVSS 5.3, AI score 5.1, EPSS 0.00081
Exploits: 0, References: 3

Vulnrichment
added 2023/10/05 12:34 p.m., 15 views

CVE-2022-4145 Content spoofing

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation...

CVSS 4.3, AI score 6.7, EPSS 0.00081
Exploits: 0, References: 2

OSV
added 2023/09/25 8:15 p.m., 3 views

CVE-2022-4137

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...

CVSS 6.1, AI score 6.3, EPSS 0.00529
Exploits: 0, References: 6

NVD
added 2023/09/25 8:15 p.m., 13 views

CVE-2022-4137

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...

CVSS 8.1, AI score 7.2, EPSS 0.00529
Exploits: 0, References: 6

Prion
added 2023/09/25 8:15 p.m., 28 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...

CVSS 5.8, AI score 6, EPSS 0.00529
Exploits: 0, References: 6, Affected Software: 1

RedHat Linux
added 2023/03/01 9:45 p.m., 2 views

keycloak: reflected XSS attack

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...

CVSS 8.1, AI score 6.2, EPSS 0.00529
Exploits: 0, References: 4