Lucene search
K

168 matches found

CVE
CVE
added yesterday7 views

CVE-2026-59208

CVE-2026-59208 affects n8n, an open-source workflow automation platform. Vulnerability: when an n8n instance is configured with more than one trusted token-exchange issuer, it could resolve external identities to local accounts using only the JWT sub claim and ignore the iss claim. This allows an...

7.6CVSS5.9AI score
Exploits0References3Affected Software1
Snyk
Snyk
added last week4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of the PKCE S256 challenge during the OAuth2 token exchange process. An attacker can obtain access tokens without providing the expected code verifier by bypassing the intended...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-26247

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

9.1CVSS0.00379EPSS
Exploits0References4
NVD
NVD
added last week6 views

CVE-2026-26232

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...

9.1CVSS0.00379EPSS
Exploits0References4
EUVD
EUVD
added last week7 views

EUVD-2026-41628

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...

6AI score0.00379EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-26232

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...

6AI score0.00379EPSS
Exploits0References5
Cvelist
Cvelist
added last week37 views

CVE-2026-26247 Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

0.00379EPSS
Exploits0References4
Cvelist
Cvelist
added last week34 views

CVE-2026-26232 Gitea OAuth2 authorization codes lack expiry and reuse enforcement

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...

0.00379EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-ENVOY-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...

5.9CVSS6.2AI score0.00579EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5231 Dex: Token-exchange endpoint is missing AllowedConnectors enforcement in github.com/dexidp/dex

Dex: Token-exchange endpoint is missing AllowedConnectors enforcement in github.com/dexidp/dex...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/23 9:17 p.m.7 views

CVE-2026-47386

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...

6.3CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:12 p.m.6 views

CVE-2026-47386

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...

6.3CVSS5.9AI score0.00197EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/09 9:59 p.m.5 views

GHSA-7QJX-GP9H-65QJ Dex: Token-exchange endpoint is missing AllowedConnectors enforcement

Summary server/handlers.go::handleTokenExchange lines 1804-1893 does not call isConnectorAllowedclient.AllowedConnectors, connID before issuing tokens, while sibling handlers do. This is a per-client connector ACL gap on the token-exchange endpoint; the redirect-flow paths enforce the same field...

8.7CVSS5.6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/09 9:59 p.m.24 views

Dex: Token-exchange endpoint is missing AllowedConnectors enforcement

Summary server/handlers.go::handleTokenExchange lines 1804-1893 does not call isConnectorAllowedclient.AllowedConnectors, connID before issuing tokens, while sibling handlers do. This is a per-client connector ACL gap on the token-exchange endpoint; the redirect-flow paths enforce the same field...

5.6AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/09 9:59 p.m.10 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handleTokenExchange function. An attacker can gain unauthorized access to restricted resources by exploiting the lack of enforcement of allowed connectors when exchanging tokens. This is only exploitable i...

8.7CVSS5.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/05 4:20 p.m.15 views

NocoDB: OAuth Authorization Code Race Condition

Summary Two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. Details The token-exchange flow read isused and called markAsUsed as an unconditional upda...

6.3CVSS5.6AI score0.00197EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/05 4:20 p.m.7 views

Race Condition

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Race Condition through a race condition in the OAuth token exchange. An attacker can obtain multiple valid token pairs by making concurrent requests using the same authorization code and PKCE verifier. Remediation...

6.3CVSS5.4AI score0.00197EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.13 views

CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

9.8CVSS5.7AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.15 views

CVE-2026-9094

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/tokenoauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This c...

9.8CVSS5.8AI score0.0042EPSS
Exploits0References1
Rows per page
Query Builder