40 matches found
PT-2026-22056
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.3 Parse Server versions prior to 9.1.1-alpha.4 Description Parse Server is susceptible to a security issue where an unauthenticated attacker can create a forged Google authentication token using alg: "none" t...
CVE-2025-9803
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...
CVE-2025-9803
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...
CVE-2025-9803 Improper Authentication in lunary-ai/lunary
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...
EUVD-2025-199529
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...
PT-2025-47979
Name of the Vulnerable Software and Affected Versions lunary-ai/lunary version 1.9.34 Description Improper authentication in the Google OAuth integration allows for account takeover. The application fails to verify the aud audience field in the access token issued by Google, which is necessary to...
Lunary 安全漏洞
Lunary is a production toolkit for LLMs open sourced by Lunary. A security vulnerability exists in Lunary version 1.9.34 that stems from an unvalidated aud field in the Google OAuth integration, which could lead to an account takeover...
OESA-2025-2433 google-oauth-java-client security update
Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...
CVE-2025-2571 Google OAuth Authentication Bypass for Converted Bot Accounts
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
google-oauth-client: Token signature not verified
A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...
PT-2022-3561 · Google +1 · Google-Oauth-Java-Client +1
Name of the Vulnerable Software and Affected Versions: google-oauth-java-client versions prior to 1.33.3 Description: The vulnerability is related to the IDToken verifier not verifying if a token is properly signed. This allows an attacker to provide a compromised token with a custom payload, whi...
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464)
This update for MozillaThunderbird to version 68.2.1 provides the following fixes : - Security issues fixed bsc1154738 : - CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB bsc1154738. -...
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452)
This update for MozillaThunderbird to version 68.2.1 provides the following fixes : - Security issues fixed bsc1154738 : - CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB bsc1154738. -...
Recommended update for MozillaThunderbird (important)
openSUSE Security Update: Recommended update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2452-1 Rating: important References: 1149126 1149429 1151186 1152778 1153879 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762...
Recommended update for MozillaThunderbird (important)
openSUSE Security Update: Recommended update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2464-1 Rating: important References: 1149126 1149429 1151186 1152778 1153879 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762...
CloudBees Jenkins Google Login Plugin Redirection Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks.Google Login Plugin is used in one of the support for the use of Google accounts to log in to Jenkins...
Cuvva: Your two domain login email address are disclosed in
HI LINK: support-dashboard.corp.cuvva.co while accessing this link it takes to google authentication. then seen source page of that login page then i saw your email that used to login. POC attached. emails are: ███ ██████████ another way is to simply click on to "continue to cuvva.co" you will se...
Bypassing Google Two Factor Authentication
Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor...
Implement login using google Authentication
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-14866. panel We are a small company , and we are using Google for mail , calender etc ... For now we are using open ldap to authenticate user...
Implement login using google Authentication
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-14866. panel We are a small company , and we are using Google for mail , calender etc ... For now we are using open ldap to authenticate use...