187 matches found
EUVD-2026-40307
Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...
Open Redirect
Spring Authorization Server is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of the requesturi parameter at the authorization endpoint, where a malicious authorization request can include an invalid requesturi and an attacker-controlled redirecturi, resulting in...
EUVD-2026-36397
The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...
CVE-2026-41008
Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...
EUVD-2026-35888
Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...
CVE-2026-41008
Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...
VMware Spring Security和Spring Authorization Server 输入验证错误漏洞
VMware Spring Security and Spring Authorization Server are both products of the American company VMware. VMware Spring Security is a security framework designed to provide descriptive security protections for Spring-based applications. Spring Authorization Server is a framework used to build secu...
CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri
Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...
CVE-2026-41008
CVE-2026-41008 affects Spring Security and Spring Authorization Server. The vulnerability arises from insufficient validation of the request_uri parameter at the authorization endpoint, allowing an attacker to craft a malicious authorization request with an invalid request_uri and an unvalidated ...
CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri
Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...
PT-2026-48309
Name of the Vulnerable Software and Affected Versions Spring Security versions 7.0.0 through 7.0.5 Spring Authorization Server versions 1.5.0 through 1.5.7 Description The authorization endpoint performs insufficient validation of the request uri parameter. An attacker can craft a malicious...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect due to insufficient validation of the requesturi parameter in the OAuth2AuthorizationCodeRequestAuthenticationConverter class. When an authorization request contains a requesturi parameter, the converter still reads and...
cve-2026-41008 - MEDIUM - Spring Security Authorization Server Open Redirect via request_uri
cve-2026-41008 - MEDIUM - Spring Security Authorization Server Open Redirect via requesturi...
This Week in Spring - May 5th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...
CVE-2026-41213
The CVE concerns @node-oauth/oauth2-server, a Node.js OAuth2 server module. The token exchange path accepts RFC7636-invalid code_verifier values for S256 PKCE flows (including one-character verifiers). The underlying cause is that ABNF enforcement for code_verifier is not performed during token e...
cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3), cn.herodotus.dante:dante-logic-identity (>=4.0.0.0-M2 <=4.0.0.0-M3) +25 more potentially affected by CVE-2026-22752 via org.springframework.security:spring-security-oauth2-authorization-server (>=7.0.0-M3 <=7.0.4)
org.springframework.security:spring-security-oauth2-authorization-server MAVEN version =7.0.0-M3, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =0.1.0, =7.0.0-4, =4.0.2.0-M4, =4.0.0.0-M4, =4.0.0.0-M4, =4.0.2.0-M4, =4.0.5.1 and more...
ROS-20260417-73-0030
A vulnerability in the JOSE implementation of the Authlib library for OAuth and OpenID Connect servers is related to improper integrity value checking. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security mechanisms...
CVE-2026-22734
The CVE-2026-22734 issue concerns a SAML 2.0 signature/encryption bypass in Cloud Foundry UUA/UAA. Affected software includes Cloud Foundry UUA from v77.30.0 to v78.7.0 and CF Deployment from v48.7.0 to v54.14.0, where UAA accepts unsigned/unencrypted SAML 2.0 bearer assertions, enabling an attac...
Keycloak 访问控制错误漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a vulnerability related to access control, which stems from a header injection vulnerability in the user management access token endpoint. This vulnerability may lead to the disclosure of...
Ory Keto SQL注入漏洞
Ory Keto is an open-source authorization server developed by Ory. Versions of Ory Keto prior to 26.2.0 contained a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which could lead to SQL injections...