
4 matches found

Source: CVE (added 2026/04/23 6:33 p.m., 31 views)

CVE-2026-41213

The CVE concerns @node-oauth/oauth2-server, a Node.js OAuth2 server module. The token exchange path accepts RFC7636-invalid code_verifier values for S256 PKCE flows (including one-character verifiers). The underlying cause is that ABNF enforcement for code_verifier is not performed during token e...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00259
Exploits: 1, References: 1, Affected software: 1
Source: Vulnrichment (added 2026/03/12 6:57 p.m., 4 views)

CVE-2026-32245 Tinyauth's OIDC authorization codes are not bound to client on token exchange

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...

CVSS: 6.5, AI score: 5.8, EPSS: 0.0025
Exploits: 1, References: 3
Source: Positive Technologies (added 2026/01/21 12:00 a.m., 4 views)

PT-2026-3753

Name of the vulnerable software and affected versions: Keycloak (affected versions not specified). Description: A flaw exists in the keycloak-services component of Keycloak. This issue allows the issuance of access and refresh tokens for disabled users, potentially leading to unauthorized use of...

CVSS: 8.5, AI score: 5.4, EPSS: 0.00443
Exploits: 0, References: 19
Source: Snyk (added 2025/03/11 3:27 p.m., 3 views)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

CVSS: 8.2, AI score: 6.7, EPSS: 0.00445
Exploits: 0, References: 2