Lucene search
K

4 matches found

Cvelist
Cvelist
added yesterday8 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS
Exploits0References5
OSV
OSV
added 2025/07/10 6:0 a.m.7 views

BIT-MOODLE-2025-53021

A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the...

4.2CVSS6.6AI score0.00261EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.11 views

CVE-2024-28239

Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth...

5.4CVSS5.8AI score0.00583EPSS
Exploits1References1
OSV
OSV
added 2019/11/09 11:21 a.m.9 views

OPENSUSE-SU-2019:2452-1 Recommended update for MozillaThunderbird

This update for MozillaThunderbird to version 68.2.1 provides the following fixes: - Security issues fixed bsc1154738: CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB bsc1154738. CVE-2019-11758:...

8.8CVSS8.4AI score0.06643EPSS
Exploits3References16
Rows per page
Query Builder