Lucene search
+L

86 matches found

cvelist
cvelist
added 3 days ago31 views

CVE-2026-44761 Insecure Sample Credentials in SAP Commerce Cloud

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS0.00352EPSS
Exploits0References2
cvelist
cvelist
added last week31 views

CVE-2026-57218 RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-revocation message disclosure

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

4.9CVSS0.00321EPSS
Exploits1References6
cve
cve
added 2026/07/08 1:49 p.m.9 views

CVE-2026-56359

n8n prior to 2.8.0 contains a cross-site scripting vulnerability in the credential management flow. Authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields, enabling crafted credentials to cause the victim, who clicks the OAuth authorization button...

5.4CVSS5.9AI score0.00141EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/26 5:23 p.m.4 views

CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS6AI score0.00219EPSS
Exploits1References3
osv
osv
added 2026/06/15 10:7 a.m.10 views

EEF-CVE-2026-49757 OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

Summary Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address an upsert on the email field, or a user-defined...

9.2CVSS5.4AI score0.00563EPSS
Exploits1References5
osv
osv
added 2026/06/12 9:4 p.m.3 views

CVE-2026-53523 Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero...

6.8CVSS5.9AI score0.00234EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44237

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

8.1CVSS5.4AI score0.00201EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 12:46 p.m.12 views

CVE-2026-44237 FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

7.6CVSS5.8AI score0.00201EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/12 5:16 p.m.6 views

CVE-2026-44166

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

6.1CVSS5.7AI score0.00247EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/05/08 10:59 p.m.12 views

GHSA-CMPJ-2X3G-M7G3 free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler

Summary free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handler returns 200 OK. The current OAM handler is a stub that returns null, b...

10CVSS5.8AI score0.00311EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/05/08 3:14 p.m.5 views

CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

10CVSS5.8AI score0.00438EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-385

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

8.1CVSS6.8AI score0.01914EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/04/22 5:15 a.m.5 views

CVE-2026-22748

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

5.3CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/04/01 7:46 p.m.25 views

GHSA-WHV5-4Q2F-Q68G OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2

Description The oauth2.php file in OpenSTAManager is an unauthenticated endpoint $skippermissions = true. It loads a record from the zzoauth2 table using the attacker-controlled GET parameter state, and during the OAuth2 configuration flow calls unserialize on the accesstoken field without any...

7.2CVSS6.3AI score0.0057EPSS
Exploits1References5
osv
osv
added 2026/03/27 12:0 a.m.24 views

UBUNTU-CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.8AI score0.00338EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/03/12 6:49 p.m.3 views

CVE-2026-32242 Parse Server OAuth2 adapter shares mutable state across providers via singleton instance

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37, Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent...

9.1CVSS5.8AI score0.00261EPSS
Exploits0References3
osv
osv
added 2026/03/11 8:0 a.m.8 views

CURL-CVE-2026-3783 token leak with redirect and netrc

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

5.3CVSS5.8AI score0.00333EPSS
Exploits1
osv
osv
added 2026/01/08 10:7 a.m.5 views

CVE-2025-14524 bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.5AI score0.00611EPSS
Exploits1References6
hackerone
hackerone
added 2025/12/09 6:1 p.m.11 views

curl: CVE-2025-14524: bearer token leak on cross-protocol redirect

Summary: A vulnerability exists in libcurl regarding the handling of OAuth2 Bearer tokens CURLOPTXOAUTH2BEARER during HTTP redirects. While libcurl correctly clears standard authentication credentials CURLOPTUSERPWD when following a redirect to a different host, port, or protocol a security...

5.7CVSS7.6AI score0.01595EPSS
Exploits2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5232

Malicious code in bioql PyPI...

9.1CVSS5.4AI score0.01079EPSS
Exploits0References4
Rows per page
Query Builder