4 matches found

NVD
added yesterday, 6 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

Exploits: 0, References: 5
CVE
added yesterday, 6 views

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider (Perl) prior to v0.23 lacks OAuth 2.0 state handling. The authentication_url may omit a state value and the callback does not verify the callback corresponds to the initiating session, enabling login CSRF where an attacker can complete the victim’s authoriza...

5.9 AI score
Exploits: 0, References: 4
NVD
added 2026/04/18 2:16 p.m., 5 views

CVE-2026-40948

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.4 CVSS, 0.00328 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/11/24 12:0 a.m., 6 views

PT-2025-47957

Name of the Vulnerable Software and Affected Versions: Tuya SDK version 6.5.0; Tuya Smart application; Smartlife application. Description: A Cross-Site Request Forgery (CSRF) issue exists in the OAuth implementation of the Tuya SDK. This affects the Tuya Smart and Smartlife mobile applications, as well ...

8.8 CVSS, 6.3 AI score, 0.00137 EPSS
Exploits: 0, References: 8