Lucene search
K

6 matches found

NVD
NVD
added 2026/06/22 2:17 p.m.14 views

CVE-2026-56425

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3CVSS0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.30 views

CVE-2021-27582

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...

9.1CVSS6.8AI score0.02222EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1016

Malware in sbrugna...

9.1CVSS9AI score0.02222EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/11/02 10:40 a.m.3 views

cxf: OAuth 2 authorization service vulnerable to DDos attacks

CXF supports via JwtRequestCodeFilter passing OAuth 2 parameters via a JWT token as opposed to query parameters see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request JAR. Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from...

7.5CVSS7.4AI score0.06593EPSS
Exploits0References5
OSV
OSV
added 2021/02/23 6:15 p.m.15 views

CVE-2021-27582

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...

9.1CVSS6.8AI score
Exploits0References3
CVE
CVE
added 2021/02/23 5:58 p.m.81 views

CVE-2021-27582

MITREid Connect OpenID Connect server (MITREid Connect) before 1.3.3 is affected by a Mass Assignment (Autobinding) vulnerability in OAuthConfirmationController.java. The issue arises from unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, allowing HTTP request pa...

9.1CVSS9.1AI score0.02222EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder