
4 matches found

RedhatCVE
added 2025/05/22 6:44 a.m. | 5 views

CVE-2019-15941

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the...

CVSS 9.8 | AI score 6.6 | EPSS 0.00395
Exploits: 0 | References: 1
Github Security Blog
added 2025/01/09 9:31 p.m. | 26 views

Vaultwarden vulnerable to user impersonation

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request...

CVSS 9.8 | AI score 6.9 | EPSS 0.00418
Exploits: 0 | References: 7 | Affected Software: 1
Vulnrichment
added 2023/01/11 12:0 a.m. | 12 views

CVE-2022-43392

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request...

CVSS 6.5 | AI score 6.8 | EPSS 0.00559
Exploits: 0 | References: 1
RedHat Linux
added 2018/06/07 8:25 a.m. | 0 views

spring-security-oauth: remote code execution in the authorization process

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

CVSS 9.8 | AI score 8 | EPSS 0.52285
Exploits: 2 | References: 4