
12 matches found

NVD
added 2026/04/27 5:16 p.m., 3 views

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

CVSS 4.3, EPSS 0.0001
Exploits: 0, References: 3

Vulnrichment
added 2026/04/27 12:0 a.m., 4 views

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

AI score 5.2, EPSS 0.0001
Exploits: 0, References: 3

Cvelist
added 2026/04/27 12:0 a.m., 23 views

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

EPSS 0.0001
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/27 12:0 a.m., 3 views

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

CVSS 4.3, AI score 5.2, EPSS 0.0001
Exploits: 0, References: 4

Positive Technologies
added 2026/04/27 12:0 a.m., 1 views

PT-2026-35453

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

AI score 5.2, EPSS 0.0001
Exploits: 0, References: 4

CVE
added 2026/04/27 12:0 a.m., 4 views

CVE-2026-30346

CVE-2026-30346 affects hunvreus DevPush v0.3.2 with an open redirect in the /api/google/authorize endpoint. The underlying issue allows an attacker to redirect users to malicious sites by supplying a crafted URL. Impact details are that redirects could lead users to unintended destinations; explo...

CVSS 4.3, AI score 5.2, EPSS 0.0001
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/17 9:32 p.m., 1 views

CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

CVSS 6.3, AI score 5.7, EPSS 0.00024
Exploits: 0, References: 4, Affected Software: 1

RedhatCVE
added 2026/02/15 7:10 a.m., 4 views

CVE-2025-6792

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...

CVSS 5.3, AI score 5.5, EPSS 0.00024
Exploits: 0, References: 1

Vulnrichment
added 2026/02/14 6:42 a.m., 1 views

CVE-2025-6792 One to one user Chat by WPGuppy <= 1.1.4 - Unauthenticated Information Disclosure via Chat Message Interception

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...

CVSS 5.3, AI score 5.5, EPSS 0.00024
Exploits: 0, References: 2

Positive Technologies
added 2026/02/14 12:0 a.m., 1 views

PT-2026-8061

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...

CVSS 5.3, AI score 5.5, EPSS 0.00024
Exploits: 0, References: 3

Positive Technologies
added 2025/12/19 12:0 a.m., 2 views

PT-2025-52515

Name of the Vulnerable Software and Affected Versions: FastAPI Users versions prior to 15.0.2. Description: FastAPI Users is a system designed to add registration and authentication to FastAPI projects. A login Cross-Site Request Forgery (CSRF) exists because OAuth login state tokens are stateless and...

CVSS 5.9, AI score 6.8, EPSS 0.00103
Exploits: 1, References: 8

Hacker One
added 2025/06/19 5:24 p.m., 5 views

Cloudflare Public Bug Bounty: `use-mcp`'s oauth2 process uses a window.open call with untrusted mcp server provided data allowing for code execution under the page using it

The authorizeEndpoint parameter from use-mcp version was susceptible to XSS. Sanitization of that parameter was added in version 0.0.10 of use-mcp. A skilled attacker was able to turn this XSS into code execution on the client...

AI score 7
Exploits: 0