Lucene search
+L

4644 matches found

RedhatCVE
RedhatCVE
added 4 days ago4 views

CVE-2026-47158

A flaw was found in Vaultwarden, a Bitwarden-compatible server. An unauthenticated attacker could exploit a vulnerability in the Single Sign-On SSO authorization flow. This flaw, caused by improper binding of the OAuth state parameter to the browser session and inadequate cleanup of SSO...

8.3CVSS6AI score0.0016EPSS
Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2026-47158

CVE-2026-47158 – Vaultwarden (Rust) : A CSRF flaw in Vaultwarden’s SSO authorization flow prior to 1.36.0 allowed an unauthenticated attacker to induce IdP authentication and redeem tokens for a fully authenticated session. The root causes include: the OAuth state parameter from /connect/authoriz...

8.3CVSS6.1AI score0.0016EPSS
Exploits0References4
OSV
OSV
added 4 days ago6 views

CVE-2026-47158 Vaultwarden: CSRF in SSO Authorization Flow

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS6.1AI score0.0016EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-54560 Cloudreve: OAuth access tokens bypass scope enforcement due to missing client_id claim

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS0.00247EPSS
Exploits0References3
NVD
NVD
added 4 days ago3 views

CVE-2026-56398

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

9CVSS0.00338EPSS
Exploits1References2
CVE
CVE
added 4 days ago7 views

CVE-2026-56398

Open WebUI before 0.9.5 is vulnerable to stored XSS via the OAuth picture claim SVG data URI. The code infers MIME type from the URL extension (e.g., .svg) and ignores the server-provided Content-Type, then stores data URI labelling it as image/svg+xml. The profile image validator is bypassed in ...

9CVSS6.2AI score0.00338EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS0.00338EPSS
Exploits1References2
OSV
OSV
added 4 days ago6 views

CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS6.2AI score0.00338EPSS
Exploits1References4
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-44761 Insecure Sample Credentials in SAP Commerce Cloud

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS0.00352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-44761

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS6.1AI score0.00352EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43585

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS6.1AI score0.00331EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 6 days ago25 views

Defending SaaS-based applications against ShinyHunters OAuth abuse

In this article 1. Attack chain overview 2. Improving visibility into Salesforce OAuth abuse 3. Mitigation and protection guidance 4. Learn more In a series of campaigns observed between mid-2025 and mid-2026, Microsoft identified threat actor activity with overlapping tradecraft commonly...

6.1AI score
Exploits0
OSV
OSV
added 6 days ago4 views

CVE-2026-59801 9Router 0.4.41 - Unauthenticated API Exposure via /api/providers

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under...

9.3CVSS6.2AI score0.01905EPSS
Exploits0References5
NVD
NVD
added 6 days ago7 views

CVE-2026-9571

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

6.5CVSS0.00174EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-9571

Mattermost CVE-2026-9571 affects versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, and 10.11.x

6.5CVSS6.1AI score0.00174EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-57219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client...

8.7CVSS5.7AI score0.00359EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 9:16 p.m.4 views

CVE-2026-57218

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

6.5CVSS0.00321EPSS
Exploits1References6
NVD
NVD
added 2026/07/10 9:16 p.m.4 views

CVE-2026-55659

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS0.00275EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 9:16 p.m.2 views

UBUNTU-CVE-2026-57219

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configured with management.oauthclientsecret, exposing credentials to unauthenticated callers when the...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References8
CVE
CVE
added 2026/07/10 8:35 p.m.34 views

CVE-2026-57807

The CVE-2026-57807 entry concerns miniOrange OAuth Single Sign On - SSO (OAuth Client) for WordPress, affected through version 38.5.8. The vulnerability is an Authentication Bypass via an alternate path or channel (broken authentication), enabling Password Recovery Exploitation. No exploitation d...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
Rows per page
Query Builder