11 matches found
EUVD-2025-209150
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...
CVE-2025-71278
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...
CVE-2025-71278 XenForo OAuth2 Unauthorized Scope Request
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...
CVE-2025-71278
CVE-2025-71278 — XenForo : Affected are XenForo versions prior to 2.3.5. The issue enables OAuth2 client applications to request unauthorized scopes, potentially granting access beyond intended authorization. Impact is described in the CVSS metrics (high severity across confidentiality, integrity...
Xenforo security vulnerability
Xenforo is forum software developed by the Xenforo company. XenForo versions prior to 2.3.5 contain a security vulnerability that stems from an OAuth2 client application's ability to request unauthorized scopes, which could allow the client application to obtain access...
PT-2026-29414
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...
EUVD-2026-13704
OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers can exploit this logic flaw to present unauthorize...
PT-2026-26620
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.12. Description: OpenClaw contains an authorization bypass issue in the WebSocket connect path. This flaw allows shared-token or password-authenticated connections to self-declare elevated scopes, such as...
Improper Authorization
Overview: authentik-client is an authentik Affected versions of this package are vulnerable to Improper Authorization due to insufficient validation of the OAuth grants client_credentials or device_code. An attacker can obtain a token with unauthorized scopes. Remediation: Upgrade authentik-client to...