Lucene search
+L

5 matches found

nvd
nvd
added 2026/06/12 8:16 p.m.16 views

CVE-2026-42604

Actual is a local-first personal finance tool. The POST /openid/config endpoint in Actual Budget's sync-server versions = 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 clientsecret—to any caller who knows the bootstrap password. The endpoint also lacks authentication a...

9.1CVSS0.004EPSS
Exploits0References2
nvd
nvd
added 2026/04/17 9:16 a.m.7 views

CVE-2025-15622

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...

6.2CVSS0.00155EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/17 8:35 a.m.2 views

CVE-2025-15622

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...

6.2CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2025/10/02 5:16 p.m.9 views

CVE-2025-59406

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected,...

6.2CVSS0.00159EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2025/01/24 12:0 a.m.10 views

PT-2025-4596 · Coolify · Coolify

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.361 Description: The issue is related to missing authorization, allowing any authenticated user to access and modify the global Coolify instance OAuth configuration. This exposes sensitive information,...

7.1CVSS7AI score0.00376EPSS
Exploits1References5
Rows per page
Query Builder