Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/04/09 4:50 p.m.24 views

CVE-2026-39976 Laravel Passport's TokenGuard Authenticates Unrelated User for Client Credentials Tokens

Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for clientcredentials tokens. the league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value ...

7.1CVSS0.00289EPSS
Exploits1References5
CVE
CVE
added 2026/04/09 4:50 p.m.26 views

CVE-2026-39976

CVE-2026-39976 affects Laravel Passport's TokenGuard in versions 13.0.0–13.7.0. The underlying league/oauth2-server sets the JWT sub claim to the client identifier (no user) and TokenGuard passes this value to retrieveById() without validating that it is a user, allowing a client_credentials toke...

7.1CVSS5.8AI score0.00289EPSS
Exploits1References5Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2025/09/02 12:0 a.m.19 views

Meta Platforms WhatsApp Incorrect Authorization Vulnerability

Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device...

5.4CVSS7.1AI score0.04116EPSS
In wildExploits1
NVD
NVD
added 2025/08/29 4:15 p.m.4 views

CVE-2025-55177

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We...

5.4CVSS0.04116EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/29 3:50 p.m.7 views

CVE-2025-55177

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We...

5.4CVSS0.04116EPSS
Exploits1References2
Rows per page
Query Builder