370 matches found
CVE-2026-36537
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...
CVE-2026-36537
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...
CVE-2026-36537
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...
PT-2026-49287
Name of the Vulnerable Software and Affected Versions ThingsBoard version 4.3.0.1 Description An authentication bypass exists during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the '/login/oauth2/code/' endpoint...
CVE-2026-43515 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-43514 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-42498 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-43513 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-43512 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-41293 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-41284 vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-H6FC-48RJ-7QQH vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-GX5V-XP9W-J4CG vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-R29C-68GH-XP6X vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-9M89-8FRQ-C98C vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-5MP6-JRQ3-R938 vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-FV25-8XCX-GQJC vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-5M62-PW8W-7W9F vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-9568
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
CVE-2026-9568
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...