28 matches found

Tenable Nessus
added 2026/05/26 12:00 a.m. · 9 views

TencentOS Server 3: nghttp2 (TSSA-2026:0385)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0385 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5 · AI score 6.8 · EPSS 0.0003
Exploits 0 · References 2
EUVD
added 2026/04/18 1:22 p.m. · 1 view

EUVD-2026-23676

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

AI score 5.7 · EPSS 0.00024
Exploits 0 · References 2
Tenable Nessus
added 2026/04/16 12:00 a.m. · 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : nghttp2 (SUSE-SU-2026:1350-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1350-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing sta...

CVSS 7.5 · AI score 7.1 · EPSS 0.0003
Exploits 0 · References 4
Oracle Linux
added 2026/04/13 12:00 a.m. · 3 views

nghttp2 security update

1.43.0-6.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...

CVSS 7.5 · AI score 5.8 · EPSS 0.0003
Exploits 0
Tenable Nessus
added 2026/04/13 12:00 a.m. · 1 view

Oracle Linux 10 : nghttp2 (ELSA-2026-7666)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7666 advisory. 1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135 Tenable has extracted the preceding description block...

CVSS 7.5 · AI score 5.9 · EPSS 0.0003
Exploits 0 · References 2
Oracle Linux
added 2026/04/12 12:00 a.m. · 5 views

nghttp2 security update

1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...

CVSS 7.5 · AI score 5.8 · EPSS 0.0003
Exploits 0
Tenable Nessus
added 2026/04/11 12:00 a.m. · 1 view

SUSE SLES15 Security Update : nghttp2 (SUSE-SU-2026:1247-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1247-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS...

CVSS 7.5 · AI score 5.9 · EPSS 0.0003
Exploits 0 · References 4
OSV
added 2026/03/26 12:39 p.m. · 0 views

SUSE-SU-2026:1074-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: - CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS bsc1259845...

CVSS 7.5 · AI score 5.9 · EPSS 0.0003
Exploits 0 · References 3
OSV
added 2026/03/24 12:31 p.m. · 0 views

SUSE-SU-2026:20833-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...

CVSS 7.5 · AI score 5.9 · EPSS 0.0003
Exploits 0 · References 3
Microsoft CVE
added 2026/03/20 8:02 a.m. · 4 views

nghttp2 Denial of service: Assertion failure due to the missing state validation

...

CVSS 7.5 · AI score 5.8 · EPSS 0.0003
Exploits 0
Vulnrichment
added 2026/03/18 5:59 p.m. · 1 view

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2_session_terminate_session or nghttp2_session_terminate_session2 is called by the application. They might be...

CVSS 7.5 · AI score 5.8 · EPSS 0.0003
Exploits 0 · References 2
Veracode
added 2026/02/19 8:56 a.m. · 1 view

Cross-site Request Forgery (CSRF)

fastapi-sso is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing persistence and verification of the OAuth state parameter, which allows an attacker to supply a malicious callback URL and link their account to a victim’s session...

CVSS 6.9 · AI score 5.9 · EPSS 0.00097
Exploits 0 · References 3 · Affected Software 1
NVD
added 2026/02/02 11:16 p.m. · 2 views

CVE-2026-25221

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...

CVSS 8.1 · EPSS 0.00016
Exploits 1 · References 2
CVE
added 2026/02/02 10:59 p.m. · 10 views

CVE-2026-25221

PolarLearn (0-PRERELEASE-15 and earlier) has a CSRF vulnerability in its OAuth 2.0 login flow for GitHub and Google, caused by failing to implement/verify the state parameter. This allows an attacker to pre-authenticate a session and trick a victim into logging into the attacker’s account, with v...

CVSS 8.1 · AI score 5.5 · EPSS 0.00016
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2026/02/02 10:59 p.m. · 23 views

CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...

CVSS 2.3 · EPSS 0.00016
Exploits 1 · References 2
NVD
added 2025/12/05 11:15 p.m. · 2 views

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

CVSS 4.3 · EPSS 0.00015
Exploits 0 · References 2
OSV
added 2024/09/11 12:15 a.m. · 3 views

CVE-2024-40650

In wifiitemeditcontent of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 5.9 · EPSS 0.00006
Exploits 0 · References 2
Positive Technologies
added 2023/04/04 12:00 a.m. · 1 view

PT-2023-21171 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9 Description: The OAuth filter in Envoy assumes that a state query param is present on a...

CVSS 7.5 · AI score 6.8 · EPSS 0.0003
Exploits 1 · References 12
OSV
added 2022/11/14 7:00 p.m. · 14 views

GHSA-W8FP-3GWQ-GXPW Concrete CMS vulnerable to Cross-site Request Forgery

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...

CVSS 8.8 · AI score 8.8 · EPSS 0.00241
Exploits 0 · References 7
CNNVD
added 2022/11/14 12:00 a.m. · 1 view

PortlandLabs Concrete CMS Cross-Site Request Forgery Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. Concrete CMS suffers from a security vulnerability that stems from a lack of state parameters in the external authentication service, which makes it susceptible to CSRF...

CVSS 8.8 · AI score 7.9 · EPSS 0.00241
Exploits 0 · References 7