SUSE CVE-2026-20904
Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities...
OpenID library for Ruby: Server-Side Request Forgery
Background: A Ruby library for verifying and serving OpenID identities. Description: It was discovered that OpenID library for Ruby performed discovery first, and then verification. Impact: A remote attacker could possibly change the URL used for discovery and trick the server into connecting to the...
CVE-2008-6836
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors...
CVE-2008-3221
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities...
CVE-2008-3221
CVE-2008-3221 is a Drupal CSRF vulnerability affecting Drupal 6.x prior to 6.3, allowing remote attackers to perform administrative actions via deletion of OpenID identities. The issue stems from cross-site request forgery in forms that enables unauthorized admin operations. Connected advisories ...