Lucene search
K

153 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.6 views

CVE-2021-22866

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.8CVSS6.9AI score0.01045EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/24 4:15 a.m.248 views

OAuth-2.0-CSRF-PoC

OAuth Account Takeover CSRF Proof-of-Concept Description...

6.9AI score
Exploits0
CVE
CVE
added 2025/12/19 8:14 p.m.52 views

CVE-2025-68481

CVE-2025-68481 affects FastAPI Users. Before 15.0.2, OAuth state tokens are generated with an empty state_data, making the JWT contain only a fixed audience and expiry. The callback checks the state JWT but does not tie it to the user session, lacks a correlation cookie or server-side cache, and ...

8.8CVSS6.5AI score0.00222EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/16 12:26 a.m.8 views

CVE-2025-67809

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...

4.7CVSS6.9AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/05 10:47 p.m.24 views

CVE-2025-66629 HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

3.7CVSS0.00086EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/01 12:55 p.m.10 views

CVE-2025-27232 Frontend arbitrary file read in oauth.authorize action

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...

6.8CVSS0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/25 12:17 a.m.10 views

CVE-2025-56400

Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

8.8CVSS6.7AI score0.00132EPSS
Exploits0References1
OSV
OSV
added 2025/11/24 8:15 p.m.5 views

CVE-2025-56400

Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 8:15 p.m.7 views

CVE-2025-56400

Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

8.8CVSS0.00132EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/21 12:18 a.m.13 views

CVE-2025-63700

An issue was discovered in clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage. NOTE: this is disputed by the Supplier because there is no available information to reproduce the issue, and because an OAuth...

7.5CVSS6.8AI score0.00095EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/20 9:30 p.m.6 views

EUVD-2025-198353

An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage...

7.5CVSS6.6AI score0.00095EPSS
Exploits0References3
Snyk
Snyk
added 2025/11/14 8:43 a.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.1 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade github.com/mattermost/mattermost/server/channels/store t...

5.4CVSS6.9AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.9AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/14 8:3 a.m.2 views

CVE-2025-55073 MS Teams plugin OAuth allows editing arbitrary posts

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/14 8:3 a.m.12 views

CVE-2025-55073 MS Teams plugin OAuth allows editing arbitrary posts

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

5.4CVSS0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.5 views

PT-2025-46948

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Mattermost versions 10.12.x through 10.12.0 Description The Mattermost application does not properly validate the relationship between a post being updated...

5.4CVSS6.4AI score0.00163EPSS
Exploits0References15
Hacker One
Hacker One
added 2025/11/12 12:30 p.m.24 views

LY Corporation: page.line.me Open Redirect Leading to OAuth Authorization Code Exposure and Access Token Compromise

An open redirect vulnerability was identified in page.line.me because redirect destinations were not properly restricted to trusted domains. This vulnerability could have been abused within an OAuth 2.0 authorization flow to cause the authorization response to be sent to an attacker-controlled...

5.9AI score
Exploits0
Rows per page
Query Builder