290 matches found
CVE-2026-25649 Traccar Vulnerable to Authorization Code Theft via Open Redirect in OIDC Provider Endpoints
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 authorization codes by exploiting an open redirect vulnerability in two OIDC-related endpoints. The redirect_uri parameter is not validated against a...
ionic-spid-poc-crs
SPID SSO POC — Ionic React + Node.js + Signicat Sandbox A p...
oidc-poc
OIDC SSO Proof of Concept Proof of concept for bidirectional...
CVE-2017-18924
oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...
EUVD-2020-19412
Malware in sbrugna...
EUVD-2018-0441
Malware in sbrugna...
EUVD-2020-5533
Malware in sbrugna...
EUVD-2021-2044
Malware in sbrugna...
EUVD-2019-0551
Malware in sbrugna...
EUVD-2025-10094
Malicious code in bioql PyPI...
EUVD-2024-19958
Malicious code in bioql PyPI...
EUVD-2024-1035
Malicious code in bioql PyPI...
EUVD-2022-7166
Malicious code in bioql PyPI...
EUVD-2023-2675
Malicious code in bioql PyPI...
EUVD-2024-55030
Malicious code in bioql PyPI...
EUVD-2023-36562
Malicious code in bioql PyPI...
EUVD-2024-3427
Malicious code in bioql PyPI...
Corezoid Process Engine Security Vulnerability
Corezoid Process Engine is an application from Corezoid, Inc. that helps companies build, manage, host and run processes in the cloud. A security vulnerability exists in Corezoid Process Engine version 6.6.0, which stems from the presence of an open redirection in the redirect_uri parameter in the OAut...
Linux Distros Unpatched Vulnerability : CVE-2020-7692
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an...