Lucene search
K

137 matches found

NVD
NVD
added 3 days ago4 views

CVE-2026-55659

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS0.00275EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 5:58 p.m.16 views

CVE-2026-12740

Summary: CVE-2026-12740 affects Plack::Middleware::OAuth for Perl up to version 0.10. The core issue is lack of OAuth 2.0 state parameter handling, enabling login CSRF. Specifically, RequestTokenV2 builds the authorization redirect without a state value, and AccessTokenV2 exchanges the callback c...

8.1CVSS5.9AI score0.00172EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 6:3 p.m.37 views

CVE-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...

5.9CVSS0.00579EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 3:48 p.m.32 views

CVE-2026-54030 LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata RFC 9728 matches the configured MCP server URL, allowing a malicious MCP server to...

8CVSS0.00113EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:17 p.m.10 views

CVE-2026-54305

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

9.9CVSS0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:25 p.m.13 views

EUVD-2026-38228

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3CVSS5.9AI score0.00258EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/16 11:32 p.m.14 views

n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

Impact Three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could...

9.9CVSS5.6AI score0.00343EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/12 4:17 a.m.15 views

CVE-2026-48612

Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover...

8CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 6:16 p.m.18 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS0.00344EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:10 p.m.11 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.8 views

CVE-2026-42195

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/05 6:42 p.m.12 views

@workos/authkit-session has an Open Redirect via state-derived redirect target

An open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round-tripped through the identity provider IdP and can be influenced by an attacker. The handleCallback...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 6:28 p.m.4 views

CVE-2026-42230 n8n: Open Redirect in MCP OAuth Consent Flow

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirecturi values to be registered. When a user denies the MCP OAuth consent dialog,...

5.1CVSS5.9AI score0.00181EPSS
Exploits0References1
OSV
OSV
added 2026/04/16 10:38 p.m.4 views

GHSA-JJ8C-MMJ3-MMGV Authlib: Cross-site request forging when using cache

Summary There is no CSRF protection on the cache feature on most integrations clients. Details In authlib.integrations.starletteclient.OAuth, no CSRF protection is set up when using the cache parameter. When not using the cache parameter, the use of SessionMiddleware ties the client to the auth...

5.4CVSS5.8AI score0.00106EPSS
Exploits1References4
NVD
NVD
added 2026/04/11 1:16 a.m.9 views

CVE-2026-3691

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization...

5.3CVSS0.00459EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/11 12:17 a.m.5 views

EUVD-2026-21623

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization...

5.3CVSS5.9AI score0.00459EPSS
Exploits0References2
OSV
OSV
added 2026/04/11 12:17 a.m.2 views

CVE-2026-3691 OpenClaw Client PKCE Verifier Information Disclosure Vulnerability

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization...

5.3CVSS6.1AI score0.00459EPSS
Exploits0References4
NVD
NVD
added 2026/04/06 10:16 p.m.7 views

CVE-2026-35408

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...

9.3CVSS0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 6:28 p.m.5 views

CVE-2026-27124

A flaw was found in FastMCP and FastMCP OAuthProxy. The OAuthProxy, used for GitHub OAuth authentication, does not properly validate a user's consent after receiving an authorization code from GitHub. This, combined with GitHub's behavior of skipping the consent page for previously authorized...

8.2CVSS6AI score0.00207EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/01 6:36 p.m.6 views

EUVD-2026-17921

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...

5.4CVSS5.9AI score0.00167EPSS
Exploits0References2
Rows per page
Query Builder