Lucene search
K

40 matches found

Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.6 views

PT-2026-22056

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.3 Parse Server versions prior to 9.1.1-alpha.4 Description Parse Server is susceptible to a security issue where an unauthenticated attacker can create a forged Google authentication token using alg: "none" t...

9.3CVSS5.4AI score0.00176EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2025/11/26 5:57 p.m.12 views

CVE-2025-9803

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

9.3CVSS7.3AI score0.00426EPSS
Exploits2References1
OSV
OSV
added 2025/11/25 1:15 a.m.6 views

CVE-2025-9803

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

8.8CVSS5.8AI score0.00426EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/11/25 12:0 a.m.5 views

CVE-2025-9803 Improper Authentication in lunary-ai/lunary

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

9.3CVSS6.9AI score0.00426EPSS
Exploits2References2
EUVD
EUVD
added 2025/11/25 12:0 a.m.6 views

EUVD-2025-199529

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

9.3CVSS6.8AI score0.00426EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.6 views

PT-2025-47979

Name of the Vulnerable Software and Affected Versions lunary-ai/lunary version 1.9.34 Description Improper authentication in the Google OAuth integration allows for account takeover. The application fails to verify the aud audience field in the access token issued by Google, which is necessary to...

9.3CVSS7.3AI score0.00426EPSS
Exploits2References13
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.6 views

Lunary 安全漏洞

Lunary is a production toolkit for LLMs open sourced by Lunary. A security vulnerability exists in Lunary version 1.9.34 that stems from an unvalidated aud field in the Google OAuth integration, which could lead to an account takeover...

9.3CVSS9AI score0.00426EPSS
Exploits2References3
OSV
OSV
added 2025/10/17 2:54 p.m.5 views

OESA-2025-2433 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

8.7CVSS6.9AI score0.00287EPSS
Exploits0References2
OSV
OSV
added 2025/05/30 2:22 p.m.4 views

CVE-2025-2571 Google OAuth Authentication Bypass for Converted Bot Accounts

Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...

4.2CVSS6AI score0.00175EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/10/25 1:42 p.m.6 views

google-oauth-client: Token signature not verified

A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/05/03 12:0 a.m.4 views

PT-2022-3561 · Google +1 · Google-Oauth-Java-Client +1

Name of the Vulnerable Software and Affected Versions: google-oauth-java-client versions prior to 1.33.3 Description: The vulnerability is related to the IDToken verifier not verifying if a token is properly signed. This allows an attacker to provide a compromised token with a custom payload, whi...

8.7CVSS7.8AI score0.00287EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2019/11/13 12:0 a.m.43 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464)

This update for MozillaThunderbird to version 68.2.1 provides the following fixes : - Security issues fixed bsc1154738 : - CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB bsc1154738. -...

8.8CVSS7.5AI score0.06707EPSS
Exploits3References15
Tenable Nessus
Tenable Nessus
added 2019/11/13 12:0 a.m.38 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452)

This update for MozillaThunderbird to version 68.2.1 provides the following fixes : - Security issues fixed bsc1154738 : - CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB bsc1154738. -...

8.8CVSS7.5AI score0.06707EPSS
Exploits3References15
OPENSUSE Linux
OPENSUSE Linux
added 2019/11/09 12:0 a.m.234 views

Recommended update for MozillaThunderbird (important)

openSUSE Security Update: Recommended update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2452-1 Rating: important References: 1149126 1149429 1151186 1152778 1153879 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762...

8.8CVSS9.6AI score0.06707EPSS
Exploits3References6
OPENSUSE Linux
OPENSUSE Linux
added 2019/11/09 12:0 a.m.231 views

Recommended update for MozillaThunderbird (important)

openSUSE Security Update: Recommended update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2464-1 Rating: important References: 1149126 1149429 1151186 1152778 1153879 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762...

8.8CVSS9.6AI score0.06707EPSS
Exploits3References6
CNVD
CNVD
added 2018/05/10 12:0 a.m.7 views

CloudBees Jenkins Google Login Plugin Redirection Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks.Google Login Plugin is used in one of the support for the use of Google accounts to log in to Jenkins...

6.1CVSS6.9AI score0.01003EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/05/25 9:35 a.m.55 views

Cuvva: Your two domain login email address are disclosed in

HI LINK: support-dashboard.corp.cuvva.co while accessing this link it takes to google authentication. then seen source page of that login page then i saw your email that used to login. POC attached. emails are: ███ ██████████ another way is to simply click on to "continue to cuvva.co" you will se...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2013/02/26 5:45 p.m.5 views

Bypassing Google Two Factor Authentication

Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor...

7.4AI score
Exploits0
Atlassian
Atlassian
added 2008/04/24 5:54 a.m.28 views

Implement login using google Authentication

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-14866. panel We are a small company , and we are using Google for mail , calender etc ... For now we are using open ldap to authenticate user...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/04/24 5:54 a.m.41 views

Implement login using google Authentication

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-14866. panel We are a small company , and we are using Google for mail , calender etc ... For now we are using open ldap to authenticate use...

1AI score
Exploits0Affected Software1
Rows per page
Query Builder