151 matches found
PT-2026-45882
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4 Description Users with only VIEW access to an MCP server can retrieve decrypted admin-managed secrets. This occurs through the endpoints "/api/mcp/servers" and "/api/mcp/servers/:serverName", where the returne...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021491)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021491 advisory. PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorizatio...
CVE-2026-42235
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that...
CVE-2026-42236
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...
CVE-2026-41425
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker could exploit a missing Cross-Site Request Forgery CSRF protection on the cache feature within authlib.integrations.starletteclient.OAuth. This vulnerability allows an attacker to trick ...
Cross-site Scripting (XSS)
Overview n8n-editor-ui is a Workflow Editor UI for n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the clientname parameter in the MCP OAuth client registration process. An attacker can execute arbitrary JavaScript in a victim's authenticated browser session b...
Allocation of Resources Without Limits or Throttling
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MCP OAuth client registration process. An attacker can exhaust server memory resources and render the instance unavailable by sending lar...
CVE-2026-3532
A flaw was found in the Drupal OpenID Connect / OAuth client. This vulnerability, stemming from improper handling of case sensitivity, allows an attacker to escalate their privileges. This could enable an unauthorized user to gain elevated access rights, potentially leading to unauthorized action...
CVE-2026-3531
A flaw was found in Drupal OpenID Connect / OAuth client. This authentication bypass vulnerability allows an attacker to bypass authentication by using an alternate path or channel. This can lead to unauthorized access to resources or functionalities protected by the authentication mechanism...
EUVD-2026-16389
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
EUVD-2026-16385
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3530
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3532
CVE-2026-3532 affects the Drupal OpenID Connect / OAuth client module. The Red Hat and related sources describe a flaw due to improper handling of case sensitivity that allows privilege escalation by manipulating user fields, potentially enabling unauthorized elevation of access for affected user...
CVE-2026-3532 OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3531 OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3531
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3531
CVE-2026-3531 affects Drupal OpenID Connect / OAuth client prior to 1.5.0. The root cause is an authentication bypass via an alternate path or channel, enabling unauthorized access to resources protected by authentication. Public descriptions from Red Hat, ENISA/EUVD, NVD/NVD, CVE lists and the D...
CVE-2026-3530 OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3530 OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
Drupal OpenID Connect / OAuth client 安全漏洞
The Drupal OpenID Connect/OAuth client is an openID connection and OAuth client provided by the Drupal company. Versions of the Drupal OpenID Connect/OAuth client prior to version 1.5.0 contained security vulnerabilities. These vulnerabilities were due to improper handling of case sensitivity,...