Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.13 views

PT-2026-36905

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An unauthenticated attacker can register a malicious MCP OAuth client using a crafted client name. If a victim user authorizes the OAuth conse...

9.6CVSS5.9AI score0.00332EPSS
Exploits0References11
NVD
NVD
added 2026/04/03 4:16 p.m.5 views

CVE-2026-27124

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not...

8.2CVSS0.00207EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/03/12 1:14 p.m.8 views

ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More

Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week...

9.4CVSS6.6AI score0.00338EPSS
Exploits0
RubySec
RubySec
added 2018/02/21 12:0 a.m.29 views

Doorkeeper gem has stored XSS on authorization consent view

Stored XSS on the OAuth Client's name will cause users being prompted for consent via the "implicit" grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link...

6.1CVSS2.7AI score0.01479EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder