4 matches found
CVE-2026-12740
Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...
CVE-2026-12746
CVE-2026-12746 affects Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 (Perl). The underlying issue is that the OAuth 2.0 state parameter is not supported, causing the authentication_url to redirect without a state value and the callback to process the response without binding it to t...
CVE-2026-40948
The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...
PT-2025-47957
Name of the Vulnerable Software and Affected Versions Tuya SDK version 6.5.0 Tuya Smart application Smartlife application Description A Cross-Site Request Forgery CSRF issue exists in the OAuth implementation of the Tuya SDK. This affects the Tuya Smart and Smartlife mobile applications, as well ...