Lucene search
+L

155 matches found

cve
cve
added yesterday12 views

CVE-2026-53518

CVE-2026-53518 affects the Better Auth ecosystem, specifically the @better-auth/oauth-provider token endpoint for the authorization_code grant (and legacy paths via oidc-provider/mcp plugins). A race condition arises from a non-atomic find-then-delete when redeeming a single-use authorization cod...

7.6CVSS6.2AI score0.00029EPSS
Exploits0References3
euvd
euvd
added 3 days ago8 views

EUVD-2026-43305

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

6.5CVSS6.1AI score0.00174EPSS
Exploits0References2
nvd
nvd
added 3 days ago4 views

CVE-2026-9571

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

6.5CVSS0.00174EPSS
Exploits0References1
snyk
snyk
added 2026/07/07 8:55 p.m.6 views

Insufficient Session Expiration

Overview @better-auth/memory-adapter is a Memory adapter for Better Auth Affected versions of this package are vulnerable to Insufficient Session Expiration through the POST /oauth2/token endpoint during the refresh token granting. An attacker can gain unauthorized access by exploiting a race...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References5
github
github
added 2026/07/07 8:55 p.m.11 views

Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0. - At least one OAuth client served by their application's authorization server requests the offlineaccess scope, so refresh token...

8.1CVSS5.9AI score0.00029EPSS
Exploits0References4Affected Software2
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.7 views

PT-2026-56301

Name of the Vulnerable Software and Affected Versions @better-auth/oauth-provider versions 1.6.0 through 1.6.10 better-auth versions 1.4.8-beta.7 through 1.5.x Description The @better-auth/oauth-provider POST /oauth2/token endpoint is susceptible to a race condition during the refresh token grant...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References7
osv
osv
added 2026/06/25 6:43 p.m.4 views

GO-2026-5388 Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback in github.com/nhost/nhost

Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback in github.com/nhost/nhost...

7.5CVSS5.8AI score0.00267EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/06/24 9:4 p.m.9 views

CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

2.3CVSS5.9AI score0.00215EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/24 9:4 p.m.24 views

CVE-2026-49277 Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

2.3CVSS0.00215EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/23 8:3 p.m.30 views

CVE-2026-53928 NocoDB: Refresh Tokens Persist Through Password Recovery

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

6.3CVSS0.00242EPSS
Exploits0References1
osv
osv
added 2026/06/23 8:3 p.m.2 views

CVE-2026-53928 NocoDB: Refresh Tokens Persist Through Password Recovery

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

6.3CVSS6AI score0.00242EPSS
Exploits0References3
cve
cve
added 2026/06/23 8:3 p.m.24 views

CVE-2026-53928

NocoDB (CVE-2026-53928) had a flaw where a stolen refresh token could survive a password-forgot flow and be used to mint new JWTs after password reset. The root cause was that passwordForgot only rotated token_version and revoked OAuth tokens, but did not call UserRefreshToken.deleteAllUserToken(...

6.3CVSS5.9AI score0.00242EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/17 2:7 p.m.7 views

NPM: NocoDB: Refresh Tokens Persist Through Password Recovery

NPM: NocoDB: Refresh Tokens Persist Through Password Recovery vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

6.3CVSS5.8AI score0.00242EPSS
Exploits0References2Affected Software1
snyk
snyk
added 2026/06/12 11:7 a.m.10 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to a race condition in the AbstractOAuthDataProvider method when handling refresh tokens if the recycleRefreshTokens...

9.1CVSS5.4AI score0.00294EPSS
Exploits0References2
nvd
nvd
added 2026/06/12 10:16 a.m.15 views

CVE-2026-50631

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

7.4CVSS0.00294EPSS
Exploits0References2
euvd
euvd
added 2026/06/12 8:59 a.m.12 views

EUVD-2026-36399

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

7.4CVSS5.2AI score0.00294EPSS
Exploits0References1
cve
cve
added 2026/06/12 8:59 a.m.48 views

CVE-2026-50631

CVE-2026-50631 : A TOCTOU race condition in Apache CXF's AbstractOAuthDataProvider allows concurrent requests to reuse the same Refresh Token when recycleRefreshTokens is false, bypassing single-use semantics and generating multiple valid Access Tokens. This can enable token replay/abuse by multi...

7.4CVSS5.3AI score0.00294EPSS
Exploits0References2Affected Software1
github
github
added 2026/06/05 4:43 p.m.46 views

NocoDB: OAuth Tokens Persist Through Security Events

Summary OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details revokeAllOAuthTokensByUser in the users service was an empty stub bein...

6.3CVSS5.5AI score0.00295EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/05 4:43 p.m.15 views

GHSA-G72G-R7M4-9X4G NocoDB: OAuth Tokens Persist Through Security Events

Summary OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details revokeAllOAuthTokensByUser in the users service was an empty stub bein...

6.3CVSS5.5AI score0.00295EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.14 views

PT-2026-49060

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description OAuth access and refresh tokens are not revoked when a user changes, resets, or recovers their password. This occurs because the revokeAllOAuthTokensByUser function in the users service was an emp...

6.3CVSS5.9AI score0.00295EPSS
Exploits0References9
Rows per page
Query Builder