156 matches found
CVE-2026-50083 Aqara hardcoded OAuth client credentials
The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...
CVE-2026-50083
The CVE-2026-50083 entry concerns the Aqara IAM/SSO Gateway (gw-builder.aqara.com) using a hardcoded OAuth client credential (CWE-798). This weak credential could enable a fully unauthenticated, remote takeover when combined with CVE-2026-50082, CVE-50084, and CVE-50085. Documented CVSSv3.1 base ...
EUVD-2026-35008
A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...
CVE-2026-11477 hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect
A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...
hsweb4 输入验证错误漏洞
hsweb4 is an open-source full-responsive backend management framework based on Spring Boot 2. In versions of hsweb4 5.0.1 and earlier, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of the OAuth2Client function in the file...
CVE-2026-44653
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...
PT-2026-45882
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4 Description Users with only VIEW access to an MCP server can retrieve decrypted admin-managed secrets. This occurs through the endpoints "/api/mcp/servers" and "/api/mcp/servers/:serverName", where the returne...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021491)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021491 advisory. PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorizatio...
CVE-2026-42235
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that...
CVE-2026-42236
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...
CVE-2026-41425
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker could exploit a missing Cross-Site Request Forgery CSRF protection on the cache feature within authlib.integrations.starletteclient.OAuth. This vulnerability allows an attacker to trick ...
Cross-site Scripting (XSS)
Overview n8n-editor-ui is a Workflow Editor UI for n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the clientname parameter in the MCP OAuth client registration process. An attacker can execute arbitrary JavaScript in a victim's authenticated browser session b...
Allocation of Resources Without Limits or Throttling
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MCP OAuth client registration process. An attacker can exhaust server memory resources and render the instance unavailable by sending lar...
CVE-2026-3532
A flaw was found in the Drupal OpenID Connect / OAuth client. This vulnerability, stemming from improper handling of case sensitivity, allows an attacker to escalate their privileges. This could enable an unauthorized user to gain elevated access rights, potentially leading to unauthorized action...
CVE-2026-3531
A flaw was found in Drupal OpenID Connect / OAuth client. This authentication bypass vulnerability allows an attacker to bypass authentication by using an alternate path or channel. This can lead to unauthorized access to resources or functionalities protected by the authentication mechanism...
EUVD-2026-16389
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
EUVD-2026-16385
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3530
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3532 OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3532
CVE-2026-3532 affects the Drupal OpenID Connect / OAuth client module. The Red Hat and related sources describe a flaw due to improper handling of case sensitivity that allows privilege escalation by manipulating user fields, potentially enabling unauthorized elevation of access for affected user...