7 matches found
CVE-2026-4828
Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...
EUVD-2022-4944
Malicious code in bioql PyPI...
EUVD-2022-51507
Malicious code in bioql PyPI...
CVE-2025-53099
Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a...
CVE-2025-2571 Google OAuth Authentication Bypass for Converted Bot Accounts
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
grafana: OAuth account takeover
A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions...
Pornhub: Account hijack via deleted PH account
The researcher identified a faulty OAuth implementation allowing YouPorn accounts to be hijacked. The researcher exploited a feature which links Pornhub and YouPorn accounts together by leveraging old accounts which were previously deleted, or where the username was changed. A faulty OAuth auth...