CVE-2026-32309 Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

CVE-2026-27167

A flaw was found in Gradio. When Gradio applications run outside of Hugging Face Spaces and use OAuth components, they automatically enable "mocked" OAuth routes. A remote attacker can exploit this by visiting the /login/huggingface endpoint, which causes the server to retrieve its Hugging Face H...

CVE-2021-24164

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth connecti...

Dropbox client - Multiple Vulnerabilities - SA-CONTRIB-2016-027

This module enables you to view dropbox files in your Drupal site. The module doesn't sufficiently sanitize filenames when displaying them to users or administrators leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must be able to...