92 matches found
CVE-2026-12740
Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...
EUVD-2026-41686
Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...
CVE-2026-12746
CVE-2026-12746 affects Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 (Perl). The underlying issue is that the OAuth 2.0 state parameter is not supported, causing the authentication_url to redirect without a state value and the callback to process the response without binding it to t...
CVE-2026-12746 Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter
Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...
PT-2026-55719
Name of the Vulnerable Software and Affected Versions Dancer2::Plugin::Auth::OAuth::Provider versions prior to 0.23 Description The software fails to support the OAuth 2.0 state parameter. The authentication url method creates a provider authorization redirect without a state value, and the...
GHSA-84HP-MQVJ-3P8H mcp-memory-service: Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete
Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete Summary All HTTP routes under /api/documents/ in mcp-memory-service are served without any authentication dependency, even when the server is configured with an API key MCPAPIKEY or OAuth. An...
SUSE-SU-2026:22436-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68822: Input: alps - fix use-after-free bugs caused by...
PYSEC-2026-480 praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members
Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, rol...
PYSEC-2026-481 praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid,...
CVE-2026-56425
The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...
Grav: Admin Backup Zip File Exposes Account Credentials and Configuration Secrets
Summary An authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the admin's bcrypt password hash and email, plus user/config/ with all site configuration. The download endpoint requires...
GHSA-9C59-2MVC-VFR8 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints
Summary Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without verifying that the authenticated requester owns the targeted resource. Any authenticated...
PhoenixStorybook has cross-session PubSub topic injection via URL parameter
Summary The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...
praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...
GHSA-7P8G-6C6G-H9W7 praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...
WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
Summary plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...
GHSA-9392-PJ54-QQF8 WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
Summary plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...
PT-2026-46853
Summary plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...
GHSA-G8RR-7RJ2-F627 praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}
Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project,...
GHSA-C2M8-4GCG-V22G praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid,...