
14 matches found

Github Security Blog
added 2026/04/16 9:20 p.m., 5 views

Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request

Summary: I have discovered a critical Missing Authentication vulnerability on the /api/v1/loginmethod endpoint. The API allows unauthenticated users (guests) to retrieve the full SSO configuration of any organization by simply providing an organizationId. The response includes sensitive OAuth...

AI score: 5.9
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/03/13 1:18 a.m., 6 views

CVE-2026-22203

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00274
Exploits: 0, References: 4
Positive Technologies
added 2026/03/13 12:00 a.m., 5 views

PT-2026-25143

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00274
Exploits: 0, References: 3
RedhatCVE
added 2026/02/21 1:31 a.m., 18 views

CVE-2026-26964

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

CVSS: 2.7, AI score: 5.5, EPSS: 0.00274
Exploits: 1, References: 1
Veracode
added 2025/12/08 9:40 a.m., 7 views

Timing-Based Side-Channel Attack

github.com/mattermost/mattermost-server is vulnerable to timing-based side-channel attacks. The vulnerability is due to improper use of constant-time comparison for sensitive strings, which allows an attacker to exploit timing oracles to perform byte-by-byte brute-force attacks on Cloud API keys...

CVSS: 3.7, AI score: 6.9, EPSS: 0.00246
Exploits: 0, References: 4, Affected Software: 2
EUVD
added 2025/10/16 9:30 a.m., 5 views

EUVD-2025-34730

Mattermost has an Observable Timing Discrepancy vulnerability...

CVSS: 3.1, AI score: 6.5, EPSS: 0.00246
Exploits: 0, References: 4
Snyk
added 2025/10/16 9:30 a.m., 2 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack via the IsValidWebAuthRedirectURL function. An attacker can obtain sensitive information such as Cloud API keys and OAuth client secrets by analyzing response times during authentication attempts. Remediation: Upgrade...

CVSS: 3.7, AI score: 6.9, EPSS: 0.00246
Exploits: 0, References: 2
Vulnrichment
added 2025/10/16 8:17 a.m., 4 views

CVE-2025-54499 Insecure string comparison enables timing attacks

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

CVSS: 3.1, AI score: 6.4, EPSS: 0.00246
Exploits: 0, References: 1
Cvelist
added 2025/01/24 4:33 p.m., 18 views

CVE-2025-22610 Coolify Vulnerable to OAuth Secrets Leak

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" f...

CVSS: 7.1, EPSS: 0.00376
Exploits: 1, References: 1
Vulnrichment
added 2025/01/24 4:33 p.m., 8 views

CVE-2025-22610 Coolify Vulnerable to OAuth Secrets Leak

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" f...

CVSS: 7.1, AI score: 6.9, EPSS: 0.00376
Exploits: 1, References: 1
Cvelist
added 2025/01/24 3:45 p.m., 16 views

CVE-2025-22607 Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by only knowing the UU...

CVSS: 5.7, EPSS: 0.00162
Exploits: 0, References: 1
OSV
added 2024/09/25 1:15 a.m., 4 views

CVE-2023-5359

The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain...

CVSS: 7.5, AI score: 5.6, EPSS: 0.00802
Exploits: 1, References: 3
OSV
added 2022/07/22 12:00 p.m., 26 views

RUSTSEC-2022-0086 Slack OAuth Secrets leak in debug logs

Debug log formatting made it possible to leak OAuth secrets into debug logs. The patched version has introduced more strict checks to avoid this...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00713
Exploits: 0, References: 3
RustSec
added 2022/07/22 12:00 p.m., 20 views

Slack OAuth Secrets leak in debug logs

Debug log formatting made it possible to leak OAuth secrets into debug logs. The patched version has introduced more strict checks to avoid this...

CVSS: 7.5, AI score: 2.9, EPSS: 0.00713
Exploits: 0, Affected Software: 1