This Week in Spring - February 24th, 2026
Hi, Spring fans! Welcome to another awesome and oh-so-agentic week in Spring! We've got a ton to look into, and I've got even more to prepare for next week's DevNexus event in Atlanta, GA, so let's dive right into it! Be sure to say "hi" if you're going to be there, though! You've heard of Agent...
EUVD-2018-0373
Malware in sbrugna...
EUVD-2024-50561
Malicious code in bioql PyPI...
EUVD-2024-3212
Malicious code in bioql PyPI...
EUVD-2025-6046
Malicious code in bioql PyPI...
@cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint
Summary: The OAuth implementation failed to check that redirect_uri was among the allowed set for the client_id. Impact: Under certain circumstances (see below), if a victim had previously authorized with a server built on workers-oauth-provider, and an attacker could later trick the victim into visitin...
CVE-2025-27672
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016...
CVE-2025-27672
CVE-2025-27672 affects Vasion Print (formerly PrinterLogic) in the Virtual Appliance Host prior to 22.0.843 and Application 20.0.1923. The vulnerability is an OAuth security bypass (OVE-20230524-0016) that, per the NVD metrics, has a high impact on confidentiality, integrity, and availability wit...
Considerations for Selecting the Best API Authentication Option
Implementing API authentication is one of the most critical stages of API design and development. Properly implemented authentication protects data, user privacy, and other resources while streamlining compliance, preventing fraud, and establishing accountability. In fact, broken authentication i...
PT-2020-19715 · Google · Google-Oauth-Client
Name of the Vulnerable Software and Affected Versions: com.google.oauth-client:google-oauth-client versions prior to 1.31.0 Description: The issue is related to the implementation of PKCE support for OAuth 2.0 in Native Apps, which does not follow the RFC. This allows an attacker to intercept the...
CVE-2017-16028
react-native-meteor-oauth is a library for OAuth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random)...
Information Disclosure
spring-oauth-security is vulnerable to information disclosure attacks. Upon a server exception, confidential information is printed to the logs...
OAuth Administration screen is visible to anonymous users
If anonymous user access is enabled under "Global Permission", a user can access the "OAuth Administration" page without needing to log in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page displays the Confluence administrators menu on the sidebar and other information su...