19 matches found
EUVD-2016-7541
Malware in sbrugna...
EUVD-2025-19924
Malicious code in bioql PyPI...
EUVD-2025-12788
Malicious code in bioql PyPI...
CVE-2025-6238
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...
CVE-2025-6238 AI Engine 2.8.4 - Insecure OAuth Implementation
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...
CVE-2025-4143
The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirecturi was on the allowed list of redirect URIs for the given client registration. Fixed in:...
GHSA-VH4H-FVQF-Q9WV Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qgp8-v765-qxx9. This link is maintained to preserve external references. Original Description PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework...
Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qgp8-v765-qxx9. This link is maintained to preserve external references. Original Description PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework...
GHSA-7CP4-JW97-3RC2 Duplicate Advisory: @cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4pc9-x2fx-p7vj. This link is maintained to preserve external references. Original Description The OAuth implementation in workers-oauth-provider that is part of MCP framework...
CVE-2025-4144 PKCE bypass via downgrade attack
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...
CVE-2025-4144 PKCE bypass via downgrade attack
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...
PT-2025-18345 · Unknown · Workers-Oauth-Provider
Name of the Vulnerable Software and Affected Versions: workers-oauth-provider affected versions not specified Description: The issue is related to the OAuth implementation in workers-oauth-provider, part of the MCP framework. An attacker could cause the PKCE check to be skipped, completely...
Code injection
ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...
CVE-2015-2675
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the restproxycallgeturl function, which allows remote attackers to cause a denial of service application crash via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interfa...
CVE-2015-2675
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the restproxycallgeturl function, which allows remote attackers to cause a denial of service application crash via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interfa...
CVE-2015-2675
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the restproxycallgeturl function, which allows remote attackers to cause a denial of service application crash via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interfa...
CentOS 7 : rest (CESA-2015:2237)
Updated rest packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the CV...
RHEL 7 : rest (RHSA-2015:2237)
Updated rest packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the CV...
Low: Red Hat Security Advisory: rest security update
Updated rest packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the CV...