17 matches found

NVD
added 2026/06/23 6:18 p.m., 9 views

CVE-2026-54008

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...

8.5 CVSS, 0.00203 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/04/18 12:0 a.m., 10 views

PT-2026-37128

Name of the Vulnerable Software and Affected Versions: Nhost versions prior to 0.49.1. Description: Nhost automatically links incoming OAuth identities to existing accounts when email addresses match, provided the email is marked as verified. Several provider adapters fail to correctly populate the...

9.8 CVSS, 5.9 AI score, 0.00809 EPSS
Exploits: 1, References: 9
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-26886

Malicious code in bioql PyPI...

4.3 CVSS, 7 AI score, 0.02013 EPSS
Exploits: 0, References: 12
Tenable Nessus
added 2025/09/03 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-21673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled,...

4.3 CVSS, 6.8 AI score, 0.02013 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2024/05/14 10:13 p.m., 134 views

Grafana Forward OAuth Identity Token can allow users to access some data sources

When a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have...

4.3 CVSS, 6.6 AI score, 0.02013 EPSS
Exploits: 0, References: 9, Affected Software: 1
OSV
added 2024/03/06 10:58 a.m., 39 views

BIT-GRAFANA-2022-21673 OAuth Identity Token exposure in Grafana

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

4.3 CVSS, 6.2 AI score, 0.02013 EPSS
Exploits: 0, References: 8
Vulnrichment
added 2023/10/16 8:32 p.m., 14 views

CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...

10 CVSS, 9.4 AI score, 0.01088 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2022/11/15 10:31 a.m., 5 views

grafana: Forward OAuth Identity Token can allow users to access some data sources

An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token and no other user credentials will forward the OAuth Identity of the most recently logged-in user. This flaw allows API tok...

4.3 CVSS, 7.1 AI score, 0.02013 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2022/07/26 3:1 p.m., 4 views

grafana: OAuth account takeover

A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions...

7.5 CVSS, 7.3 AI score, 0.02039 EPSS
Exploits: 0, References: 5
OSV
added 2022/02/19 11:3 a.m., 4 views

OESA-2022-1531 grafana security update

Metrics dashboard and graph editor. Security Fixes: Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will...

4.3 CVSS, 6.8 AI score, 0.02013 EPSS
Exploits: 0, References: 2
CNVD
added 2022/01/19 12:0 a.m., 28 views

Grafana Information Disclosure Vulnerability (CNVD-2022-06890)

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. Grafana suffers from an information disclosure vulnerability that stems from the fact that in the...

4.3 CVSS, 2 AI score, 0.02013 EPSS
Exploits: 0, References: 1
NVD
added 2022/01/18 10:15 p.m., 25 views

CVE-2022-21673

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

4.3 CVSS, 0.02013 EPSS
Exploits: 0, References: 7
Vulnrichment
added 2022/01/18 9:35 p.m., 5 views

CVE-2022-21673 OAuth Identity Token exposure in Grafana

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

4.3 CVSS, 7 AI score, 0.02013 EPSS
Exploits: 0, References: 7
OSV
added 2022/01/18 9:35 p.m., 26 views

CVE-2022-21673 OAuth Identity Token exposure in Grafana

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

4.3 CVSS, 7 AI score, 0.02013 EPSS
Exploits: 0, References: 9
CNNVD
added 2022/01/18 12:0 a.m., 3 views

Grafana Security Vulnerability

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. Grafana suffers from an information disclosure vulnerability that stems from the fact that in the...

4.3 CVSS, 8.3 AI score, 0.02013 EPSS
Exploits: 0, References: 19
Github Security Blog
added 2021/09/29 5:18 p.m., 67 views

Improper Access Control in passport-oauth2

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants...

5.3 CVSS, 1.3 AI score, 0.01261 EPSS
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2021/09/27 7:15 a.m., 25 views

CVE-2021-41580

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants...

5.3 CVSS, 0.01261 EPSS
Exploits: 0, References: 3