1163 matches found

Nuclei | added 8 hours ago | 136 views

Spring Security OAuth2 Remote Command Execution

Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote comma...

CVSS 8.8 | AI score 7.5 | EPSS 0.79176
Exploits: 1 | References: 5
Nuclei | added 8 hours ago | 54 views

pgAdmin 4 - Authentication Bypass

pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. id: CVE-2024-9014 info: name: pgAdmin 4 - Authentication Bypass author...

CVSS 9.9 | AI score 6.5 | EPSS 0.09764
Exploits: 2 | References: 3
CVE | added 6 days ago | 12 views

CVE-2026-48090

Envoy CVE-2026-48090 affects the HTTP OAuth2 filter (envoy.filters.http.oauth2) in 1.37.0–1.37.5 and 1.38.3. A late AsyncClient completion can call OAuth2Filter methods after the downstream stream has been torn down, leading to undefined behavior, worker crashes, and use-after-free/invalid-vptr f...

CVSS 5.9 | AI score 6.2 | EPSS 0.00579
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB | added 6 days ago | 5 views

CVE-2026-47775

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag (no HMAC, no AEAD). The /callback endpoint returns HTTP 302 on...

CVSS 6.8 | AI score 5.9 | EPSS 0.00219
Exploits: 1 | References: 2 | Affected Software: 1
CVE | added 6 days ago | 15 views

CVE-2026-47775

Envoy OAuth2 filter vulnerability (CVE-2026-47775): prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the encrypt()/decrypt() path uses AES-256-CBC without an authentication tag (no HMAC/AEAD), enabling a padding oracle via the /callback endpoint. An attacker with the encrypted CodeVerifier ...

CVSS 6.8 | AI score 5.9 | EPSS 0.00219
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist | added 6 days ago | 31 views

CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag (no HMAC, no AEAD). The /callback endpoint returns HTTP 302 on...

CVSS 6.8 | EPSS 0.00219
Exploits: 1 | References: 1
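The three CVE-2026-47775 entries above describe one construction: AES-256-CBC with no authentication tag, plus a /callback whose response differs depending on whether the decrypted cookie was acceptable. The block below is an added example, not Envoy's code, showing why that pair is fatal: a padding-oracle attack that recovers a CBC-encrypted value from nothing but a yes/no "did it decrypt?" answer, and the same attack going nowhere against an AEAD. The cookie layout (IV || ciphertext), the sample verifier string, the key handling and the oracle closures are constructed for the demo; Envoy's real cookie format, key derivation and response codes are not modelled.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

const bs = aes.BlockSize

var errPadding = errors.New("invalid padding")

// cbcEncrypt returns IV || AES-256-CBC(PKCS#7-padded pt): the unauthenticated shape.
func cbcEncrypt(key, pt []byte) []byte {
	block, _ := aes.NewCipher(key)
	n := bs - len(pt)%bs
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, bs+len(padded))
	rand.Read(out[:bs])
	cipher.NewCBCEncrypter(block, out[:bs]).CryptBlocks(out[bs:], padded)
	return out
}

// cbcDecryptNoMAC is the weak path: no tag, and the padding verdict reaches the caller
// (in the advisory above, as a distinguishable /callback response).
func cbcDecryptNoMAC(key, data []byte) ([]byte, error) {
	if len(data) < 2*bs || len(data)%bs != 0 {
		return nil, errPadding
	}
	block, _ := aes.NewCipher(key)
	pt := make([]byte, len(data)-bs)
	cipher.NewCBCDecrypter(block, data[:bs]).CryptBlocks(pt, data[bs:])
	n := int(pt[len(pt)-1])
	if n == 0 || n > bs || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errPadding
	}
	return pt[:len(pt)-n], nil
}

// paddingOracleDecrypt recovers the padded plaintext of IV||CT using only a yes/no
// "valid padding?" oracle: the classic CBC padding-oracle attack, at most 256 queries per byte.
func paddingOracleDecrypt(oracle func([]byte) bool, data []byte) []byte {
	var out []byte
	for i := bs; i+bs <= len(data); i += bs {
		prev, target := data[i-bs:i], data[i:i+bs]
		inter := make([]byte, bs)    // AES-decrypt(target), before the CBC XOR with prev
		forged := make([]byte, 2*bs) // attacker-chosen IV || target
		copy(forged[bs:], target)
		for pos := bs - 1; pos >= 0; pos-- {
			pad := byte(bs - pos)
			for k := pos + 1; k < bs; k++ {
				forged[k] = inter[k] ^ pad
			}
			for g := 0; g < 256; g++ {
				forged[pos] = byte(g)
				if !oracle(forged) {
					continue
				}
				if pos == bs-1 { // reject an accidental 0x02 0x02 (or longer) match
					forged[pos-1] ^= 0xff
					ok := oracle(forged)
					forged[pos-1] ^= 0xff
					if !ok {
						continue
					}
				}
				inter[pos] = byte(g) ^ pad
				break
			}
		}
		for k := 0; k < bs; k++ {
			out = append(out, inter[k]^prev[k])
		}
	}
	return out
}

// Constructed sample standing in for the PKCE code verifier the cookie carries.
const sampleVerifier = "code_verifier=dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"

// demoWeak: the attacker recovers the verifier from the unauthenticated cookie.
func demoWeak() bool {
	key := make([]byte, 32)
	rand.Read(key)
	oracle := func(c []byte) bool { _, err := cbcDecryptNoMAC(key, c); return err == nil }
	return bytes.HasPrefix(paddingOracleDecrypt(oracle, cbcEncrypt(key, []byte(sampleVerifier))), []byte(sampleVerifier))
}

// demoHardened: same attack against an AEAD (AES-256-GCM) cookie. Every tampered input
// fails the tag check before any padding logic runs, so the oracle is one uniform "no".
func demoHardened() bool {
	key := make([]byte, 32)
	rand.Read(key)
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	blob := aead.Seal(nonce, nonce, []byte(sampleVerifier), nil)
	// forged inputs from the attack are always 2*bs bytes, longer than the nonce
	oracle := func(c []byte) bool { _, err := aead.Open(nil, c[:aead.NonceSize()], c[aead.NonceSize():], nil); return err == nil }
	return bytes.HasPrefix(paddingOracleDecrypt(oracle, blob), []byte(sampleVerifier))
}
```

The oracle here is a function call; in the filter it is the HTTP status of /callback, so the attacker pays one request per query. Either an AEAD (as in demoHardened) or encrypt-then-MAC with a constant-time tag comparison and a single error path removes the signal; changing the status code alone does not, because response timing can serve as the same oracle.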
Positive Technologies | added 6 days ago | 8 views

PT-2026-52895

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.37.0 through 1.37.4; Envoy versions 1.38.0 through 1.38.2. Description: The HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream that has already been torn down....

CVSS 5.9 | AI score 5.8 | EPSS 0.00579
Exploits: 1 | References: 18
NVD | added 2026/06/23 8:16 a.m. | 9 views

CVE-2026-9733

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

CVSS 9.1 | EPSS 0.00339
Exploits: 0 | References: 4
EUVD | added 2026/06/23 7:05 a.m. | 8 views

EUVD-2026-38421

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

CVSS 9.1 | AI score 5.4 | EPSS 0.00339
Exploits: 0 | References: 3
CVE | added 2026/06/23 7:05 a.m. | 10 views

CVE-2026-9733

CVE-2026-9733 affects Mojolicious::Plugin::Web::Auth::OAuth2 (Perl) versions up to 0.17. The insecure default state parameter arises from a SHA-1 based generator that uses epoch time (revealed via the HTTP Date header) and Perl's rand(), enabling CSRF session hijacking. A patch exists (Mojolicious-Plugin-Web-Au...

CVSS 9.1 | AI score 5.4 | EPSS 0.00339
Exploits: 0 | References: 4
AstraLinux | added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in golang-golang-x-oauth2

An attacker can pass a maliciously malformed token, causing unexpected memory consumption during parsing...

CVSS 7.5 | AI score 6.4 | EPSS 0.00804
Exploits: 0 | References: 2
OSV | added 2026/06/18 3:47 p.m. | 5 views

ROOT-APP-GOBINARY-CVE-2025-22868 CVE-2025-22868 in rootio-golang.org/x/oauth2 - Patched by Root

Root has patched CVE-2025-22868 in the rootio-golang.org/x/oauth2 package for Root:Go. Multiple fixed versions available...

CVSS 7.5 | AI score 6.2 | EPSS 0.00804
Exploits: 0
OSV | added 2026/06/18 12:00 p.m. | 11 views

ROOT-APP-MAVEN-CVE-2026-22748 CVE-2026-22748 in io.root.org.springframework.security:spring-security-oauth2-jose - Patched by Root

Root has patched CVE-2026-22748 in the io.root.org.springframework.security:spring-security-oauth2-jose package for Root:Maven. Multiple fixed versions available...

CVSS 6.5 | AI score 5.8 | EPSS 0.00203
Exploits: 0
OSV | added 2026/06/16 11:40 p.m. | 5 views

GHSA-9R5X-WG6M-X2RC Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication

Summary Gitea fails to enforce OAuth2 access token scopes when the token is submitted via HTTP Basic authentication instead of a Bearer token. An OAuth2 application granted only read:user can use the same token as Authorization: Basic base64:x-oauth-basic and perform write actions, including...

CVSS 8.1 | AI score 5.4 | EPSS 0.00043
Exploits: 1 | References: 2
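An added example, not Gitea's code, of the bug class in the GHSA entry above: an authorizer that checks scopes only on the Bearer path, beside one that binds scopes to the token however it is presented. The token table, the URLs and the Basic form token:x-oauth-basic are assumptions for the demo, taken from the advisory wording rather than from Gitea's implementation.

```go
package main

import (
	"encoding/base64"
	"net/http"
	"strings"
)

// tokenScopes is a constructed token table: access token -> granted OAuth2 scopes.
var tokenScopes = map[string][]string{
	"gho_readonly_example": {"read:user"},
	"gho_writer_example":   {"read:user", "write:repository"},
}

// tokenFromRequest pulls an access token from either transport: "Authorization: Bearer <token>"
// or HTTP Basic with the token as the username and the password "x-oauth-basic"
// (assumed form, matching the advisory text).
func tokenFromRequest(r *http.Request) (token, via string) {
	auth := r.Header.Get("Authorization")
	if strings.HasPrefix(auth, "Bearer ") {
		return strings.TrimPrefix(auth, "Bearer "), "bearer"
	}
	if user, pass, ok := r.BasicAuth(); ok && pass == "x-oauth-basic" {
		return user, "basic"
	}
	return "", ""
}

func hasScope(scopes []string, want string) bool {
	for _, s := range scopes {
		if s == want {
			return true
		}
	}
	return false
}

// authorizeVulnerable reproduces the bug class: scopes are enforced only when the token
// arrives as Bearer; the same token over Basic auth is treated as a full-access credential.
func authorizeVulnerable(r *http.Request, need string) bool {
	token, via := tokenFromRequest(r)
	scopes, ok := tokenScopes[token]
	if !ok {
		return false
	}
	if via == "bearer" {
		return hasScope(scopes, need)
	}
	return true // Basic path: scope check skipped
}

// authorizeFixed looks up scopes by token and enforces them regardless of transport.
func authorizeFixed(r *http.Request, need string) bool {
	token, _ := tokenFromRequest(r)
	scopes, ok := tokenScopes[token]
	return ok && hasScope(scopes, need)
}

// basicRequest and bearerRequest build constructed write requests carrying the token.
func basicRequest(token string) *http.Request {
	r, _ := http.NewRequest(http.MethodPost, "https://gitea.example/api/v1/repos/org/repo/issues", nil)
	r.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(token+":x-oauth-basic")))
	return r
}

func bearerRequest(token string) *http.Request {
	r, _ := http.NewRequest(http.MethodPost, "https://gitea.example/api/v1/repos/org/repo/issues", nil)
	r.Header.Set("Authorization", "Bearer "+token)
	return r
}
```

The fix is structural: scope lookup must key on the credential, not on the header it arrived in. A regression test that sends every scoped token over every accepted transport against a write endpoint is the check worth keeping.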
Github Security Blog | added 2026/06/15 5:34 p.m. | 22 views

Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...

AI score 5.6
Exploits: 0 | References: 2 | Affected Software: 1
Snyk | added 2026/06/12 11:11 a.m. | 7 views

Improperly Implemented Security Check for Standard

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to a logic error in the OAuthRequestFilter request handler. An attacker can bypass intended IP address restrictions...

CVSS 9.8 | AI score 5.4 | EPSS 0.00629
Exploits: 0 | References: 2
NVD | added 2026/06/12 10:16 a.m. | 10 views

CVE-2026-50629

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

CVSS 5.3 | EPSS 0.0047
Exploits: 0 | References: 2
Cvelist | added 2026/06/12 8:59 a.m. | 31 views

CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

EPSS 0.00294
Exploits: 0 | References: 1
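An added example, not Apache CXF's code, of the race in the CVE-2026-50631 entry above and of its fix: a refresh-token store whose existence check and revocation run as two separate critical sections, beside one that consumes the token in the same critical section that checked it, with a harness that replays one token from many goroutines at once. The store layout, client id and the simulated work window are constructed.

```go
package main

import (
	"sync"
	"sync/atomic"
	"time"
)

// refreshStore is a constructed stand-in for the provider's refresh-token table.
type refreshStore struct {
	mu     sync.Mutex
	tokens map[string]string // refresh token -> client id
}

func newStore(tokens ...string) *refreshStore {
	s := &refreshStore{tokens: map[string]string{}}
	for _, t := range tokens {
		s.tokens[t] = "client-1"
	}
	return s
}

// redeemRacy is the check-then-act pattern: the lookup and the revocation are separate
// critical sections, so every concurrent caller can pass the lookup before any of them
// revokes the token, and each one mints an access token.
func (s *refreshStore) redeemRacy(token string) bool {
	s.mu.Lock()
	_, ok := s.tokens[token]
	s.mu.Unlock()
	if !ok {
		return false
	}
	time.Sleep(time.Millisecond) // the window: building and signing the new access token
	s.mu.Lock()
	delete(s.tokens, token)
	s.mu.Unlock()
	return true // access token issued
}

// redeemAtomic consumes the token in the critical section that checked it, so exactly
// one caller wins and every concurrent replay of the same token fails.
func (s *refreshStore) redeemAtomic(token string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.tokens[token]; !ok {
		return false
	}
	delete(s.tokens, token)
	return true
}

// replay fires n concurrent redemptions of the same token and returns how many succeeded.
func replay(redeem func(string) bool, token string, n int) int {
	var wg sync.WaitGroup
	var wins int64
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			if redeem(token) {
				atomic.AddInt64(&wins, 1)
			}
		}()
	}
	wg.Wait()
	return int(wins)
}
```

With a database behind the provider the same principle applies: revoke and verify in one statement (for example an UPDATE ... WHERE token = ? AND used = false, issuing the access token only if exactly one row changed), not a SELECT followed by a separate UPDATE. The harness above is also the regression test: the atomic path must report exactly one win for any n.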
Vulnrichment | added 2026/06/12 8:58 a.m. | 8 views

CVE-2026-50630 Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return (CR) and Line Feed (LF) characters. If an attacker can control the realm value, they can injec...

AI score 5.4 | EPSS 0.00404
Exploits: 0 | References: 1
Cvelist | added 2026/06/12 8:57 a.m. | 27 views

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

EPSS 0.0047
Exploits: 0 | References: 1
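The two Apache CXF entries above (CVE-2026-50630 and CVE-2026-50629) share a root cause: a request-controlled string (the realm, the clientId) concatenated into a header or a log line without stripping control characters. The block below is an added example, not CXF's code, with the raw concatenation beside a sanitizer for each sink. The challenge format, the log-line format and the attacker strings are constructed.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// challengeVulnerable is the pre-fix pattern: the realm is concatenated as-is, so a
// realm containing CR LF ends the header and starts a new one.
func challengeVulnerable(realm string) string {
	return `Bearer realm="` + realm + `"`
}

// quoteRealm emits the realm as an RFC 7235 quoted-string: control characters
// (CR and LF included) are dropped, and '"' and '\' are backslash-escaped.
func quoteRealm(realm string) string {
	var b strings.Builder
	for _, r := range realm {
		switch {
		case unicode.IsControl(r):
			continue
		case r == '"' || r == '\\':
			b.WriteByte('\\')
		}
		b.WriteRune(r)
	}
	return `Bearer realm="` + b.String() + `"`
}

// headerLines shows how a naive HTTP/1.1 writer would serialize the challenge: each
// element is one header line on the wire.
func headerLines(value string) []string {
	return strings.Split("WWW-Authenticate: "+value, "\r\n")
}

// escapeLogField makes a request-controlled value safe for a single log line: CR, LF and
// other control characters are rendered as escapes, and the value is capped in length so
// a long clientId cannot flood the log either.
func escapeLogField(s string) string {
	const maxRunes = 128
	var b strings.Builder
	for i, r := range []rune(s) {
		if i == maxRunes {
			b.WriteString("...(truncated)")
			break
		}
		switch {
		case r == '\n':
			b.WriteString(`\n`)
		case r == '\r':
			b.WriteString(`\r`)
		case unicode.IsControl(r):
			fmt.Fprintf(&b, `\x%02x`, r)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// warnUnknownClient is the log sink: the only request-derived part goes through escapeLogField.
func warnUnknownClient(clientID string) string {
	return `WARN OAuth2: unknown client_id="` + escapeLogField(clientID) + `"`
}
```

Two practical notes. Go's net/http replaces CR and LF in header values when it writes them, so the split in headerLines is what a raw writer or another stack would produce, not what a Go server emits; the sanitizer is still the right place to fix it, because the realm also has to be a valid quoted-string. For logs, Go's %q verb gives a comparable escaping for free, but a dedicated function like escapeLogField makes the length cap and the escaping policy explicit and testable.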