14 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021491)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021491 advisory. PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorizatio...
PT-2026-34722
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code verifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...
CVE-2026-31798
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...
CVE-2026-31798 JumpServer Improper Certificate Validation in Custom SMS API Client
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...
CVE-2024-55017
Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirecturi parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts...
Linux Distros Unpatched Vulnerability : CVE-2020-7692
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an...
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
DEBIAN-CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
UBUNTU-CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
Arbitrary Account Password Reset Vulnerability in OnStar iOS Client Server
OnStar iOS client is a smart driving system. An arbitrary account password reset vulnerability exists in the OnStar iOS client server. An attacker can reset the password of any client and perform unauthorized operations by intercepting the verification code in a packet...
EYEE Beehive App Has Logic Design Flaws
EYEE Bee Tide App is an online shopping app. There is a logical design vulnerability in EYEE Beehive APP. An attacker can register any account and reset any password by grabbing packets and bursting the verification code...
Logic design flaws in Zhongxinxin Sharing App
Zhongxinxin Sharing App is a car sharing software that allows you to book car reservations online. There is a logical design vulnerability in Zhongxinxin Sharing APP. An attacker can reset any password by grabbing packets to get the verification code through the forgot password function...
There is a logic design flaw in the Kaiyen Gold app
Kaiyan Gold Service app is a financial management software. There is a logical design vulnerability in the Kaiyan Gold Service app. The vulnerability is due to the registration of not doing any verification restrictions, the attacker through the packet bursting and intercept the return of the...
Arbitrary User Registration Vulnerability in BBCBuilder E-Commerce System
BBCBuilder is a b2b2c model developed by Yuanfeng Company, which supports the e-commerce system of platform self-supporting and supplier store coexistence mode. Version 2.6.1 of the BBCBuilder e-commerce system contains an arbitrary user registration vulnerability that allows an attacker to...