PT-2026-49004

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.1.x Description The getRedirectURL function in oauth2.go constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path without validating the Host header. This allows...

CVE-2026-34460

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

CVE-2026-40302

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...

EUVD-2026-33973

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter...

CVE-2026-34460

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

CVE-2026-34460

NamelessMC (Minecraft server website software) is affected in versions up to 2.2.4 where the OAuth callback handling does not validate the state parameter server‑side before exchanging the authorization code. This can let an attacker capture a valid OAuth callback URL for their own account and ca...

NamelessMC 安全漏洞

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Versions of NamelessMC 2.2.4 and earlier have security vulnerabilities. These vulnerabilities stem from unvalidated state...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

CVE-2026-34969

Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer headers,...

CVE-2026-34969 Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback

Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer headers,...

Nhost 安全漏洞

Nhost is an open-source backend service platform developed by Nhost. Versions of Nhost prior to 0.48.0 contained security vulnerabilities. These vulnerabilities stemmed from the OAuth provider’s callback process for authentication services, where the refresh token was directly placed as a query...

CVE-2026-33720

n8n is an open source workflow automation platform. Prior to version 2.8.0, when the N8NSKIPAUTHONOAUTHCALLBACK environment variable is set to true, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an...

CVE-2026-33720

n8n (open source workflow automation) has a vulnerability in pre-2.8.0 where setting N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true causes the OAuth callback to skip ownership verification of the OAuth state. An attacker can trick a victim into completing an OAuth flow for a credential the attacker control...

CVE-2026-31381 Gainsight Assist plugin information disclosure

An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...

CVE-2026-31381 Gainsight Assist plugin information disclosure

An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...

EUVD-2026-12092

LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP Model Context Protocol OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redire...

LibreChat 访问控制错误漏洞

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Version 0.8.2 to 0.8.2-rc3 of LibreChat contains a security vulnerability related to access control. This...

EUVD-2026-10825

Feathers has an OAuth Callback Account Takeover issue...

CVE-2026-29792 Feathersjs has an OAuth Callback Account Takeover

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's...