537 matches found
GHSA-FMFG-9G7C-3VQ7 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle
Summary The ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional co...
GHSA-WG9X-QFGW-PXHJ Feathers has an OAuth Callback Account Takeover issue
An unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's authentication payload has a fallback chain that reaches params.query the raw request query when Grant's session/state responses are empt...
Improper Authentication
Overview @feathersjs/authentication-oauth is an oAuth 1 and 2 authentication for Feathers. Powered by Grant. Affected versions of this package are vulnerable to Improper Authentication via the callback component. An attacker can gain unauthorized access to existing user accounts by sending a...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code-related vulnerabilities, which stemmed from server-side request forgeing in the notification tester...
Exploit for CVE-2026-29000
CVE-2026-29000: pac4j-jwt JwtAuthenticator authentication bypa...
PT-2026-23074
Name of the Vulnerable Software and Affected Versions pac4j-jwt versions prior to 4.5.9 pac4j-jwt versions prior to 5.7.9 pac4j-jwt versions prior to 6.3.3 Description An authentication bypass exists in the JwtAuthenticator component when processing encrypted JSON Web Tokens JWTs. Remote attacker...
pac4j-jwt 数据伪造问题漏洞
pac4j-jwt is an JWT authentication module developed by pac4j as open source. Versions of pac4j-jwt prior to 4.5.9, 5.7.9, and 6.3.3 contained a data manipulation vulnerability. This vulnerability stems from the JwtAuthenticator’s inability to properly handle encrypted JWTs, leading to an...
CLSA-2026-1772572505 munge: Fix of CVE-2026-25506
CVE-2026-25506: fix buffer overflow in message parsing and add bounds checks and input validation for address length; prevent leak of cryptographic MAC subkey and forging of arbitrary credentials...
CVE-2026-27754
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...
CVE-2026-27755
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...
CVE-2026-27755
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...
CVE-2026-27754
CVE-2026-27754 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20, where a cryptographically broken MD5 hash is used to generate session cookies. This can enable predictable tokens and potential unauthorized access to the device due to MD5 weaknesses and token forgery. The descriptio...
Mailpit 安全漏洞
Mailpit is an email testing tool developed by Ralph Slooten personally. Versions of Mailpit prior to 1.29.2 contained security vulnerabilities. These vulnerabilities stemmed from the link-checking API’s execution of HTTP HEAD requests for each URL found in emails. During these requests, the targe...
CVE-2026-1916
The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos 4.6.0 and earlier contained code vulnerabilities that allowed HTTP redirection during the subscription and payment logo/icon upload process. This vulnerability could lead to server-side request...
Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to ISC BIND (CVE-2025-40778, CVE-2025-40780, CVE-2025-8677)
Summary Vulnerabilities in ISC BIND could allow an attacker to inject forged data into the cache CVE-2025-40778, predict the source port and query ID that BIND will use CVE-2025-40780, or cause CPU exhaustion CVE-2025-8677. AIX uses ISC BIND as as part of its DNS functions. Vulnerability Details...
CVE-2026-1368
The CVE-2026-1368 issue affects the Video Conferencing with Zoom WordPress plugin prior to 4.6.6. A broken authentication flaw in a broken AJAX handler with nonce verification disabled allows unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and to retrieve the si...
smolagents 安全漏洞
smolagents is a basic library for agents, open-sourced by Hugging Face. Version 1.24.0 of smolagents contains a security vulnerability. This vulnerability stems from improper request handling in the LocalPythonExecutor component, which may lead to server-side request forgeing attacks...
Exploit for CVE-2026-26335
👤 Author Mohammed Idrees Banyamer Security Researcher...
USN-8040-1 munge vulnerability
Titouan Lazard discovered that MUNGE contained an exploitable buffer overflow in munged the MUNGE authentication daemon. A local attacker could possibly use this issue to forge MUNGE credentials, leading to arbitrary code execution...