13 matches found
CVE-2026-33014
The CVE-2026-33014 entry describes a vulnerability in the EVerest EV charging software stack where, before version 2026.02.0, a delayed authorization response during RemoteStop processing resets the authorized flag to true, bypassing the stop_transaction() condition on PowerOff events. This allow...
EUVD-2012-4595
Malware in sbrugna...
CVE-2018-8899
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations...
IdentityServer Cross-Site Scripting Vulnerability
IdentityServer is an open source OAuth framework for ASP.NET Core. A cross-site scripting vulnerability exists in IdentityServer4 versions 1.x prior to 1.5.3 and 2.x prior to 2.1.3, which stems from the program's failure to encode the redirect URL on the Authorization Response page. A remote attack...
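The CVE-2018-8899 entries above describe an authorization response page (the auto-submitting form used for response_mode=form_post) that writes the redirect URI into the page without HTML encoding. The following is an added example, not IdentityServer code, that renders such a page both ways; the function names, the registered-URI list and the hostile redirect URI are constructed for illustration.

```javascript
// Added example, not IdentityServer code: an OAuth 2.0 response_mode=form_post
// page rendered with the redirect URI unencoded (the pattern behind
// CVE-2018-8899) beside an encoded rendering. All names are assumed.

// HTML-encode a value for use inside a double-quoted attribute or a text node.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Hidden inputs carrying the authorization response parameters to the client.
function hiddenInputs(params, encode) {
  return Object.entries(params)
    .map(([name, value]) => `<input type="hidden" name="${encode(name)}" value="${encode(value)}" />`)
    .join("");
}

// Flawed rendering: the redirect URI is concatenated straight into the action
// attribute, so a URI containing `"` closes the attribute and the rest is markup.
function renderFormPostVulnerable(redirectUri, params) {
  const inputs = hiddenInputs(params, (v) => String(v));
  return `<form method="post" action="${redirectUri}">${inputs}</form>` +
    `<script>document.forms[0].submit();</script>`;
}

// Hardened rendering: every untrusted value is attribute-encoded. Encoding is
// defense in depth; the primary control is refusing any redirect URI that is
// not an exact match for one registered for the client.
function renderFormPostEncoded(redirectUri, params, registeredRedirectUris) {
  if (!registeredRedirectUris.includes(redirectUri)) {
    throw new Error("redirect_uri is not registered for this client");
  }
  const inputs = hiddenInputs(params, htmlEncode);
  return `<form method="post" action="${htmlEncode(redirectUri)}">${inputs}</form>` +
    `<script>document.forms[0].submit();</script>`;
}

// True if the page contains a tag the attacker supplied (the template itself
// never emits an <img> element).
function containsInjectedTag(html) {
  return /<img\b/i.test(html);
}

// Constructed sample values (not taken from any real incident).
const REGISTERED = ["https://client.example/signin-oidc"];
const HOSTILE_REDIRECT_URI =
  'https://client.example/signin-oidc"><img src=x onerror=alert(document.domain)>';
const RESPONSE_PARAMS = { code: "c0de-sample", state: "st4te-sample" };

// Render with both approaches and report whether the payload survived.
function demoFormPost() {
  const vulnerable = renderFormPostVulnerable(HOSTILE_REDIRECT_URI, RESPONSE_PARAMS);
  let hostileRejected = false;
  try {
    renderFormPostEncoded(HOSTILE_REDIRECT_URI, RESPONSE_PARAMS, REGISTERED);
  } catch (e) {
    hostileRejected = true;
  }
  const safe = renderFormPostEncoded(REGISTERED[0], RESPONSE_PARAMS, REGISTERED);
  // Even with the allow-list misconfigured, encoding alone neutralises the payload.
  const encodedOnly = `<form method="post" action="${htmlEncode(HOSTILE_REDIRECT_URI)}"></form>`;
  return {
    vulnerableInjected: containsInjectedTag(vulnerable),
    hostileRejected,
    safeInjected: containsInjectedTag(safe),
    encodedOnlyInjected: containsInjectedTag(encodedOnly),
  };
}

console.log(demoFormPost());
```

The "in some configurations" wording in the entry matches the two-layer picture here: a deployment that only accepts exact-match registered redirect URIs never reaches the unencoded write with attacker text, while one with looser redirect URI matching does.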
Auth0-js bypasses CSRF checks
The Auth0.js library has a vulnerability affecting versions below 9.3 that allows an attacker to bypass the CSRF check from the state parameter if it's missing from the authorization response, leaving the client vulnerable to CSRF attacks...
Cross-site Request Forgery (CSRF)
auth0-js is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible if the state parameter is missing from an authorization response...
Design/Logic Flaw
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...
CVE-2018-7307
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...
CVE-2017-12677
IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response...
Server-Side Request Forgery (SSRF)
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a Verify Response or an Authorization Response...
CVE-2012-4670
Tigase XMPP Server prior to 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, enabling remote XMPP servers to spoof domains via a Verify Response or an Authorization Response. Affected product: Tigase XMPP Server (versions before 5.1.0). Root cause: missing verif...