5 matches found
EUVD-2026-38566
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...
CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests
Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...
SUSE CVE-2020-6823
A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirecturi, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...
CVE-2020-6823
A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirecturi, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...
The vulnerability of the `browser identity.launchWebAuthFlow` function in Mozilla Firefox’s WebExtensions extensions allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the browser identity.launchWebAuthFlow function in Mozilla Firefox’s WebExtensions extensions is related to the improper loading of content via HTTPS. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...