CVE-2026-48153 Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no...

CVE-2026-44325

CVE-2026-44325 affects free5GC NRF (v4.2.1) where POST /oauth2/token parses form data with a reflective type-confusion in api_accesstoken.go. The handler reflects over NrfAccessTokenAccessTokenReq, incorrectly treating most fields as a *models.PlmnId and assigns it to various destination fields, ...

CVE-2026-44325 free5GC: NRF POST /oauth2/token structured-form parser type-confusion panic family (Reflect.Set on incompatible types)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq,...

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

CVE-2026-7679

YunaiV yudao-cloud (up to 2026.01) is affected. The flaw resides in OAuth2TokenServiceImpl.java (getAccessToken) where manipulation leads to improper authentication. The issue is exploitable remotely with a PROOF-OF-CONCEPT exploit and no remediation details are provided in the available document...

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

GHSA-CVC6-Q2CP-2XHW Spring Security has Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator. This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

CVE-2026-22748 Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

Linux Distros Unpatched Vulnerability : CVE-2026-3783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second...

CLSA-2026-1771663697 curl: Fix of 2 CVEs

CVE-2025-14524: fix OAuth2 bearer token leak on cross-protocol redirect - CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...

Curl 7.33.0 < 8.18.0 OAuth2 Bearer Token Leak (CVE-2025-14524)

The version of curl installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability. - When an OAuth2 bearer token is used for an HTTPS transfer that performs a cross-protocol redirect to a second URL using IMAP, LDAP, POP3, or SMTP...

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

EUVD-2020-3139

Malware in sbrugna...

EUVD-2018-15567

Malware in sbrugna...

EUVD-2024-34309

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-31690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certai...

CVE-2023-45151

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...

Malicious code in customer-oauth2-token-management-utility (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7470945b8ee8dd4e437867aa2317e357a5536870671edc131c9c21ee62111acc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7944 Malicious code in customer-oauth2-token-management-utility (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7470945b8ee8dd4e437867aa2317e357a5536870671edc131c9c21ee62111acc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Basecamp: Account takeover via insecure intent handling

The Basecamp app was vulnerable to account takeover due to insecure intent handling. A malicious app installed on the same device could obtain the user's Oauth2 token and take over their account...