5 matches found
CVE-2026-48991 XianYuLauncher: Legacy Microsoft account OAuth sign-in flow lacks PKCE and state validation
XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts could be exposed during a user-initiated login under certain local attack conditions. Affected versions relied on a fixed localhost redirect URI without PKCE or state validation...
CVE-2026-5128
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
PT-2026-29007
Name of the Vulnerable Software and Affected Versions ArthurFiorette steam-trader version 2.1.1 Description A sensitive information exposure issue exists. An unauthenticated attacker can send a request to the /users API endpoint to retrieve sensitive Steam account data, including the account...
AuthKit Remix Library 信息泄露漏洞
AuthKit Remix Library is a WorkOS open source library for authentication and session management. An information disclosure vulnerability exists in AuthKit Remix Library version 0.14.1 and earlier, which stems from exposing sensitive authentication artifacts and could lead to information disclosur...
AuthKit React Router Library 信息泄露漏洞
AuthKit React Router Library is a WorkOS open source authentication and session helper for use in React Router 7. An information disclosure vulnerability exists in AuthKit React Router Library version 0.6.1 and earlier, which stems from exposing sensitive authentication artifacts that could lead ...