13 matches found
PT-2026-60105
Name of the Vulnerable Software and Affected Versions Nebula-mesh versions 0.2.0 through 0.3.8 Description When OIDC is enabled, the application is susceptible to a denial of service via memory exhaustion. An unauthenticated remote client can repeatedly send requests to the GET /ui/oidc/login...
CVE-2026-55075 Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...
CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...
CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...
CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
PT-2026-39215
Name of the Vulnerable Software and Affected Versions Kargo versions prior to 1.7.10 Kargo versions prior to 1.8.13 Kargo versions prior to 1.9.8 Kargo versions prior to 1.10.2 Description Kargo, which manages and automates the promotion of software artifacts, contains an open redirect in the UI...
EUVD-2025-4744
Malicious code in bioql PyPI...
CVE-2024-11753
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umichoidcbutton' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11753
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umichoidcbutton' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11753
CVE-2024-11753 affects the UMich OIDC Login plugin for WordPress. The vulnerability is a Stored XSS in the plugin’s umich_oidc_button shortcode attributes, present in all versions up to and including 1.2.0, caused by insufficient input sanitization and output escaping of user-supplied attributes....
CVE-2024-11753 UMich OIDC Login <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umichoidcbutton' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11753 UMich OIDC Login <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umichoidcbutton' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...