Lucene search
K

1176 matches found

Nuclei
Nuclei
added 16 hours ago56 views

pgAdmin 4 - Authentication Bypass

pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. id: CVE-2024-9014 info: name: pgAdmin 4 - Authentication Bypass author...

9.9CVSS7AI score0.09685EPSS
Exploits2References3
Cvelist
Cvelist
added yesterday20 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-59822 LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key...

8.8CVSS0.00286EPSS
Exploits0References4
Nuclei
Nuclei
added 4 days ago139 views

Spring Security OAuth2 Remote Command Execution

Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote comma...

8.8CVSS7.4AI score0.79176EPSS
Exploits1References5
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-26247

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

9.1CVSS0.00379EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.18 views

CVE-2026-26232

Gitea before 1.25.5 is vulnerable to a replay attack due to inadequate enforcement of OAuth2 authorization code expiry and single-use behavior during the token exchange. The Snyk entries describe the issue across affected code paths (e.g., models/auth and routers/web/auth) and state that an attac...

9.1CVSS6AI score0.00379EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 4:16 p.m.7 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/03 3:11 p.m.43 views

CVE-2026-14612 Freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during oauth2 device authorization

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS0.00142EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 3:11 p.m.6 views

EUVD-2026-41554

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS6AI score0.00142EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 2:35 a.m.9 views

CVE-2026-54431

A flaw was found in liboauth2. The Demonstrating Proof-of-Possession DPoP verifier incorrectly accepts a malformed DPoP proof. This proof contains private key material in its JSON Web Key JWK header, which should be rejected according to RFC 9449. This vulnerability could allow an attacker to...

5.3CVSS5.8AI score0.00128EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55548

Name of the Vulnerable Software and Affected Versions FreeIPA ipa-otpd daemon affected versions not specified Description Two off-by-one errors exist in the OAuth2 device authorization handler of the ipa-otpd daemon. These errors can lead to out-of-bounds memory access when the daemon processes a...

4.2CVSS6AI score0.00142EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/07/02 10:30 a.m.6 views

CVE-2026-54430

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS5.8AI score0.00121EPSS
Exploits0
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-ENVOY-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...

5.9CVSS6.2AI score0.00579EPSS
Exploits1References2
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS5.8AI score0.00219EPSS
Exploits1References2
CVE
CVE
added 2026/06/26 6:3 p.m.16 views

CVE-2026-48090

Envoy CVE-2026-48090 affects the HTTP OAuth2 filter (envoy.filters.http.oauth2) in 1.37.0–1.37.5 and 1.38.3. A late AsyncClient completion can call OAuth2Filter methods after the downstream stream has been torn down, leading to undefined behavior, worker crashes, and use-after-free/invalid-vptr f...

5.9CVSS6.2AI score0.00579EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 5:23 p.m.35 views

CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS0.00219EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:23 p.m.6 views

CVE-2026-47775

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS5.9AI score0.00219EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/26 5:23 p.m.21 views

CVE-2026-47775

Envoy OAuth2 filter vulnerability (CVE-2026-47775): prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the encrypt()/decrypt() path uses AES-256-CBC without an authentication tag (no HMAC/AEAD), enabling a padding oracle via the /callback endpoint. An attacker with the encrypted CodeVerifier ...

6.8CVSS5.9AI score0.00219EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52895

Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down....

5.9CVSS5.8AI score0.00579EPSS
Exploits1References18
NVD
NVD
added 2026/06/23 8:16 a.m.13 views

CVE-2026-9733

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

9.1CVSS0.00339EPSS
Exploits0References4
Rows per page
Query Builder