CVE-2026-1695

CVE-2026-1695 is an XSS vulnerability affecting PcVue’s OAuth web services in WebVue, WebScheduler, TouchVue and SnapVue modules for PcVue versions 12.0.0–16.3.3. The issue targets the OAuth server’s error page and could let a remote attacker trick a legitimate user into loading content from anot...

CVE-2026-1695

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user...

PT-2026-22127

Name of the Vulnerable Software and Affected Versions PcVue versions 12.0.0 through 16.3.3 Description An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features. The issue exists on the error page of the OAuth server and may allow a remote...

Linux Distros Unpatched Vulnerability : CVE-2025-66040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server tha...

CVE-2025-10750 PowerBI Embed Reports <= 1.2.0 - Unauthenticated Sensitive Information Disclosure

The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the moepbradminobserver function hooked ...

CVE-2025-10750

The CVE CVE-2025-10750 concerns the WordPress PowerBI Embed Reports plugin (

EUVD-2022-6592

Malicious code in bioql PyPI...

"Cannot Complete your request" during enumeration for DUO OAuth in 2 factor setup

Getting " Cannot complete your request" after duo push is successfully sent. In the url tab, we could see the client connection being pointed to storefront successfully...

Information disclosure

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

CVE-2022-31186 Leakage of excessive information into log in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

CVE-2022-31186 Leakage of excessive information into log in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

CVE-2022-31186 Leakage of excessive information into log in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

PT-2022-20596 · Next-Auth · Next-Auth

Name of the Vulnerable Software and Affected Versions: next-auth versions prior to v4.10.2 next-auth versions prior to v3.29.9 Description: An information disclosure issue allows an attacker with log access privilege to obtain excessive information, such as an identity provider's secret in the lo...

JetBrains Hub Input Validation Error Vulnerability

JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A security vulnerability exists in JetBrains Hub versions prior to 2020.1.12099. An attacker could exploit the vulnerability to forge the conten...

CVE-2020-11691

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible...