CVE-2026-55666 Rocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuth

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT issued by Apple during the OAuth flow. The try block checks for an...

CVE-2026-55666

Rocket.Chat vulnerable pre-versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13 due to a flaw in apps/meteor/app/apple/server/loginHandler.ts where handleIdentityToken parses an Apple OAuth JWT. If the JWT lacks an email, the code falls back to accepting an arbitrary email value supplie...

PT-2026-52116

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

CVE-2025-1909

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

EUVD-2025-13435

Malicious code in bioql PyPI...

EUVD-2025-1984

Malicious code in bioql PyPI...

CVE-2025-1909

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

CVE-2025-1909 BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

CVE-2025-1909 BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

WordPress plugin BuddyBoss Platform Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2025-19790

Name of the Vulnerable Software and Affected Versions BuddyBoss Platform Pro plugin for WordPress versions up to, and including, 2.7.01 Description The issue is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes i...

Malicious code in apple-oauth (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1733 Malicious code in apple-oauth (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2025-1061

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

CVE-2025-1061

CVE-2025-1061 (Nextend Social Login Pro, WordPress) is an authentication bypass vulnerability in versions up to and including 3.1.16 caused by insufficient verification of the user during the Apple OAuth authenticate request. This allows unauthenticated attackers to log in as an existing user (e....

CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

WordPress Nextend Social Login Pro plugin <= 3.1.16 - Authentication Bypass via Apple OAuth provider vulnerability

Authentication Bypass via Apple OAuth provider vulnerability discovered by István Márton in WordPress Plugin Nextend Social Login Pro versions = 3.1.16...