Lucene search
K

153 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.20 views

PT-2026-39931

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...

7.1CVSS5.8AI score0.00121EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 8:32 p.m.10 views

CVE-2026-43875 WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly fro...

6.8CVSS5.8AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 7:1 p.m.32 views

CVE-2026-42565 @workos/authkit-session: Open Redirect via state-derived redirect target

@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is...

4.3CVSS0.00196EPSS
Exploits0References3
NVD
NVD
added 2026/05/08 10:16 p.m.29 views

CVE-2026-42206

Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never...

7.1CVSS0.00152EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/05 7:8 p.m.10 views

Use of GET Request Method With Sensitive Query Strings

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the OAuth login process, where the user's password hash is included as a query parameter in a redirect UR...

7.6CVSS5.8AI score0.00285EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.23 views

PT-2026-37291

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An issue exists where the endpoint 'plugin/MobileManager/oauth2.php' completes an OAuth login by redirecting the user to 'oauth2Success.php' via an HTTP 302 response. This redirect includes the user's...

6.8CVSS5.9AI score0.00285EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/04 6:38 p.m.5 views

CVE-2026-42235 n8n: XSS via MCP OAuth client

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that...

8.8CVSS6AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 6:28 p.m.69 views

CVE-2026-42230 n8n: Open Redirect in MCP OAuth Consent Flow

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirecturi values to be registered. When a user denies the MCP OAuth consent dialog,...

5.1CVSS0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 11:16 p.m.5 views

CVE-2026-4296

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when...

8.8CVSS0.00317EPSS
Exploits0References7
Veracode
Veracode
added 2026/04/20 6:52 a.m.10 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to failure in validating the relationship between the post being updated and the MSTeams plugin OAuth flow, which allows an attacker to exploit this via a crafted OAuth redirect URL to edit...

5.4CVSS5.9AI score0.00163EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/04/18 3:34 p.m.10 views

GHSA-5W6H-PJW6-WVC6 apache-airflow-providers-keycloak: Missing OAuth 2.0 State and PKCE Enables Login CSRF and Session Fixation

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.4CVSS5.7AI score0.00328EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/17 10:42 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.12 views

PT-2026-33378

Name of the Vulnerable Software and Affected Versions zrok versions prior to 2.0.1 Description The proxyUi template engine utilizes Go's text/template, which does not perform HTML escaping, rather than html/template. The GitHub OAuth callback handlers in 'publicProxy' and 'dynamicProxy' embed the...

6.1CVSS6AI score0.00209EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/11 12:17 a.m.3 views

CVE-2026-3691

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization...

5.3CVSS6AI score0.00459EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/11 12:17 a.m.53 views

CVE-2026-3691

The CVE-2026-3691 entry describes an information disclosure in the OpenClaw Client PKCE verifier within OAuth flows. Affected component is the OpenClaw client’s OAuth authorization implementation, where sensitive data is exposed in the authorization URL query string. This permits remote disclosur...

5.3CVSS5.9AI score0.00459EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/11 12:17 a.m.34 views

CVE-2026-3691 OpenClaw Client PKCE Verifier Information Disclosure Vulnerability

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization...

5.3CVSS0.00459EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.4 views

CVE-2026-35408

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...

9.3CVSS5.9AI score0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:30 p.m.10 views

CVE-2026-35408

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...

8.7CVSS5.9AI score0.00169EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/04/04 6:26 a.m.5 views

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the OAuth flow, where the PKCE verifier is reused as the OAuth state value and reflected back in the redirect URL. An attacker can obtai...

8CVSS5.9AI score0.00238EPSS
Exploits0References2
NVD
NVD
added 2026/04/03 9:17 p.m.3 views

CVE-2026-34511

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS0.00238EPSS
Exploits0References3
Rows per page
Query Builder