83 matches found
Malicious code in qr-code-styling-temp (npm)
Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...
CVE-2026-40574
A flaw was found in OAuth2 Proxy, a reverse proxy providing authentication using OAuth2 providers. A remote attacker can exploit an authorization bypass vulnerability by crafting a malicious email claim. This allows the attacker to bypass emaildomain restrictions, which are used to limit access t...
CVE-2026-41259
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...
EUVD-2026-25282
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...
BIT-OAUTH2-PROXY-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...
PT-2026-34728
Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.9 Mastodon versions prior to 4.4.16 Mastodon versions prior to 4.3.22 Description Mastodon allows restricting new user sign-up based on e-mail domain names and performs basic validation on e-mail addresses, but i...
Incorrect Authorization
Overview github.com/oauth2-proxy/oauth2-proxy is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Incorrect Authorization in the email domain validation. An attacker can gain unauthorized access by submitting ...
Incorrect Authorization
Overview github.com/oauth2-proxy/oauth2-proxy/v7 is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Incorrect Authorization in the email domain validation. An attacker can gain unauthorized access by submitti...
CVE-2026-40574
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...
CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...
CVE-2026-40574
CVE-2026-40574 affects OAuth2 Proxy. Affected: deployments using email_domain restrictions. Issue: authorization bypass where an attacker can use a malformed multi-@ email claim (e.g., [email protected]@company.com) to satisfy a company.com domain check, even though the claim is not a valid email...
OAuth2 Proxy security vulnerability
OAuth2 Proxy is a product offered by OAuth2 Proxy organizations that can provide a reverse proxy for authentication with Google, Github, or other providers. Versions of OAuth2 Proxy prior to 7.15.2 had security vulnerabilities. These vulnerabilities stemmed from the emaildomain enforcement option...
OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims
Impact An authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and satisfy an allowed domain check for company.com, even though the claim is not a valid email...
GHSA-C5C4-8R6X-56W3 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims
Impact An authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and satisfy an allowed domain check for company.com, even though the claim is not a valid email...
PT-2026-33223
Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description An authorization bypass exists within the email domain enforcement option. An attacker can authenticate using a malformed email claim, such as [email protected]@company.com, to satisfy an allow...
CVE-2026-34411
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...
CVE-2026-25811
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...