Lucene search
+L

6 matches found

OSV
OSV
added 2026/07/10 5:19 p.m.4 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS6.1AI score0.00276EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/18 1:52 p.m.10 views

ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

Summary Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

7.4CVSS6.2AI score0.00276EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/25 5:49 a.m.6 views

OESA-2026-2044 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

8.1CVSS6.5AI score0.01059EPSS
Exploits0References5
OSV
OSV
added 2026/03/24 4:49 p.m.3 views

SUSE-SU-2026:20859-1 Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues The following security issues were fixed: - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds bsc1257629. - CVE-2025-38488: smb: client: fix use-after-free in cryptmessag...

7.8CVSS6.8AI score0.00278EPSS
Exploits0References15
NVD
NVD
added 2024/12/27 2:15 p.m.19 views

CVE-2024-53179

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses-authkey.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifsmount dfsmountshare getsession...

7.8CVSS0.00245EPSS
Exploits0References3
0day.today
0day.today
added 2010/06/06 12:0 a.m.32 views

PHP car rental complete System V1.2 SQL Injection Vulnerability

Exploit for php platform in category web applications =============================================================== PHP car rental complete System V1.2 SQL Injection Vulnerability =============================================================== Title:PHP car rental complete System V1.2 SQli...

7.1AI score
Exploits0
Rows per page
Query Builder