104 matches found
CVE-2026-47158
CVE-2026-47158 – Vaultwarden (Rust) : A CSRF flaw in Vaultwarden’s SSO authorization flow prior to 1.36.0 allowed an unauthenticated attacker to induce IdP authentication and redeem tokens for a fully authenticated session. The root causes include: the OAuth state parameter from /connect/authoriz...
EUVD-2026-44693
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...
CVE-2026-26247
Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the CodeExchange and RefreshToken processes. An attacker can gain unauthorized access to user accounts or maintain persistent access from an unauthorized client by presenting intercepted authorization codes or...
NPM: Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE
NPM: Better Auth: OAuth callback accepts mismatched state when cookie-backed state storage is used without PKCE vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.2...
CVE-2026-40948
The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...
EUVD-2026-23676
The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...
Improper Validation of Unsafe Equivalence in Input
Overview @node-oauth/oauth2-server is a Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the token process. An attacker can obtain...
CVE-2026-3691 OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization...
Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it...
CVE-2026-34511
OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...
CVE-2026-34511 OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter
OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...
CVE-2026-33544
Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent...
CVE-2026-33544
Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent...
PT-2026-29659
Name of the Vulnerable Software and Affected Versions Tinyauth versions prior to 5.0.5 Description Tinyauth is an authentication and authorization server. The GenericOAuthService, GithubOAuthService, and GoogleOAuthService implementations store PKCE verifiers and access tokens as mutable struct...
GHSA-6G25-PC82-VFWP OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state
Summary The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE codeverifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions - Package:...
OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state
Summary The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE codeverifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions - Package:...
CVE-2017-18924
oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...
EUVD-2021-2044
Malware in sbrugna...