EUVD-2025-208759
FastMCP OAuth Proxy token reuse across MCP servers...
OAuth redirection abuse enables phishing and malware delivery
Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and intentionally invalid scopes to redirect victims to attacker-controlled infrastructure without...
sigstore-python Cross-Site Request Forgery Vulnerability
sigstore-python is an open-source tool developed by Sigstore for generating and verifying Sigstore signatures in Python. Versions of sigstore-python prior to 4.2.0 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the OAuth authentication process's...
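The entry above is cut off before it says which part of the OAuth flow was at fault, so the following is an added illustration of the generic defence against CSRF in an OAuth 2.0 authorization-code flow, not sigstore-python's code and not a description of its fix: the client binds the authorization request to the session that started it with an unguessable `state` value and accepts a callback only when that value matches. The provider URL, redirect URI, session dict and function names are hypothetical.

```python
"""Binding an OAuth 2.0 authorization request to the initiating session with `state`.

Added illustration of the generic OAuth CSRF defence; not sigstore-python's code.
A callback handler that uses whatever `code` it receives lets an attacker deliver a
callback URL carrying a code the attacker obtained, completing the flow inside the
victim's session. The provider URL, redirect URI, session dict and names are hypothetical.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://idp.example/oauth/authorize"  # hypothetical provider
REDIRECT_URI = "http://localhost:8080/callback"              # hypothetical client callback


class CallbackRejected(Exception):
    """Raised when a callback is not bound to a flow this session started."""


def build_authorization_url(session: dict, client_id: str) -> str:
    """Step 1: mint an unguessable state, remember it in the session, embed it in the URL."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Step 2: accept the authorization code only if `state` matches the pending one."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # pop: one callback per started flow
    presented = query.get("state", [None])[0]
    if expected is None or presented is None:
        raise CallbackRejected("no pending flow in this session, or callback lacks state")
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        raise CallbackRejected("state mismatch: this session did not start that flow")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise CallbackRejected("expected exactly one authorization code")
    return codes[0]


def vulnerable_handle_callback(callback_url: str) -> str:
    """The bug pattern: whatever code arrives is used, with no binding to the session."""
    return parse_qs(urlparse(callback_url).query)["code"][0]


def demo() -> dict:
    """Genuine callback accepted; a replay and an attacker-supplied callback rejected."""
    session: dict = {}
    url = build_authorization_url(session, "cli-app")
    state = parse_qs(urlparse(url).query)["state"][0]
    genuine = f"{REDIRECT_URI}?code=AUTHCODE&state={state}"          # constructed callback
    forged = f"{REDIRECT_URI}?code=ATTACKER_CODE&state=attacker-chosen"  # constructed callback

    results = {"genuine": handle_callback(session, genuine)}

    try:                                    # replay of the genuine URL: state already consumed
        handle_callback(session, genuine)
        results["replay"] = "accepted"
    except CallbackRejected:
        results["replay"] = "rejected"

    victim: dict = {}                       # victim has a flow pending when the forged URL lands
    build_authorization_url(victim, "cli-app")
    try:
        handle_callback(victim, forged)
        results["forged"] = "accepted"
    except CallbackRejected:
        results["forged"] = "rejected"

    results["vulnerable"] = vulnerable_handle_callback(forged)  # no check: attacker's code wins
    return results
```

The state is popped from the session before comparison so that a second delivery of the same callback fails as well; a handler that only compares and leaves the value in place still accepts a replayed callback until the session expires.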
rami.io pretix Code Issue Vulnerability
rami.io pretix is a ticket shop application from the German company rami.io for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, bars and similar venues. A security vulnerability exists in rami.io pretix versions prior to 4.17.1. An attacker could exploit the vulnerability to...
Mozilla VPN Authorization Issue Vulnerability
Mozilla VPN is an open-source virtual private network browser extension, desktop application and mobile application from the US-based Mozilla Foundation. A security vulnerability in Mozilla VPN iOS before 1.0.7929, Mozilla VPN Windows before 1.2.2, and Mozilla VPN Android before 1.1.01360 ste...
Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider...
CVE-2022-22956
VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework...
UBUNTU-CVE-2019-14880
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise...
DEBIAN-CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
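The entry above names the failure mode (replay, and revocation of tokens that belong to another client) but not the rules RFC 7009 imposes. The following is an added illustration of a minimal revocation endpoint that follows those rules; it is not Doorkeeper's code. RFC 7009 requires the server to authenticate the client, to refuse to revoke a token that was issued to a different client, and to answer an unknown token with a plain 200 rather than an error; a resource server must then consult the revocation state so a revoked token cannot be replayed. The in-memory stores, token format, and the choice of 403 with `unauthorized_client` for the cross-client case (the RFC only says the request must be refused) are assumptions.

```python
"""Minimal OAuth 2.0 token revocation endpoint following RFC 7009.

Added illustration, not Doorkeeper's code. RFC 7009 sections 2.1 and 2.2: authenticate
the client, refuse to revoke a token issued to a different client, and treat an unknown
token as a non-error (HTTP 200). A resource server must then ask `is_active` so that a
revoked token cannot be replayed. The in-memory stores, token format and the 403
"unauthorized_client" response for the mismatch case are assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Token:
    value: str
    client_id: str                    # client the token was issued to
    kind: str                         # "access" or "refresh"
    revoked: bool = False
    refresh_of: Optional[str] = None  # access tokens: the refresh token they were minted with


class AuthorizationServer:
    def __init__(self) -> None:
        self.clients: Dict[str, str] = {}   # client_id -> client_secret (hypothetical store)
        self.tokens: Dict[str, Token] = {}  # token value -> Token

    def register_client(self, client_id: str, client_secret: str) -> None:
        self.clients[client_id] = client_secret

    def issue(self, client_id: str) -> Tuple[str, str]:
        """Issue an (access, refresh) token pair to a registered client."""
        refresh = Token(secrets.token_urlsafe(24), client_id, "refresh")
        access = Token(secrets.token_urlsafe(24), client_id, "access", refresh_of=refresh.value)
        self.tokens[refresh.value] = refresh
        self.tokens[access.value] = access
        return access.value, refresh.value

    def is_active(self, token_value: str) -> bool:
        """What a resource server checks before honouring a bearer token."""
        tok = self.tokens.get(token_value)
        return tok is not None and not tok.revoked

    def _authenticate_client(self, client_id: str, client_secret: str) -> bool:
        stored = self.clients.get(client_id)
        return stored is not None and hmac.compare_digest(stored.encode(), client_secret.encode())

    def revoke(self, client_id: str, client_secret: str, token_value: str) -> Tuple[int, dict]:
        """POST /oauth/revoke. Returns (HTTP status, JSON body) as the endpoint would."""
        if not self._authenticate_client(client_id, client_secret):
            return 401, {"error": "invalid_client"}
        tok = self.tokens.get(token_value)
        if tok is None:
            # RFC 7009 2.2: an unknown token is not an error, so the response also does
            # not reveal which token values exist.
            return 200, {}
        if tok.client_id != client_id:
            # RFC 7009 2.1: the server must refuse to revoke a token issued to another client.
            return 403, {"error": "unauthorized_client"}
        tok.revoked = True
        if tok.kind == "refresh":
            # Revoking a refresh token also invalidates the access tokens minted from it.
            for other in self.tokens.values():
                if other.refresh_of == tok.value:
                    other.revoked = True
        return 200, {}


def demo() -> dict:
    """Walk through the cases with two registered clients (constructed data)."""
    srv = AuthorizationServer()
    srv.register_client("app-a", "secret-a")
    srv.register_client("app-b", "secret-b")
    access_a, refresh_a = srv.issue("app-a")

    cross = srv.revoke("app-b", "secret-b", access_a)       # B tries to revoke A's token
    unknown = srv.revoke("app-a", "secret-a", "no-such-token")
    active_before = srv.is_active(access_a)                 # cross-client attempt changed nothing
    own = srv.revoke("app-a", "secret-a", refresh_a)        # A revokes its own refresh token
    active_after = srv.is_active(access_a)                  # linked access token is dead too
    return {
        "cross_client_status": cross[0],
        "unknown_status": unknown[0],
        "active_before_revoke": active_before,
        "own_status": own[0],
        "active_after_revoke": active_after,
    }
```

The replay half of the advisory is covered by `is_active`: revocation only helps if every resource server consults the same revocation state (or a shared introspection endpoint) before accepting a bearer token.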
Doorkeeper Security Bypass Vulnerability
Doorkeeper is an open-source OAuth 2 authorization provider for Ruby web application frameworks. A security bypass vulnerability exists in Doorkeeper. The vulnerability allows attackers to bypass security restrictions and perform unauthorized actions...