5 matches found
CVE-2026-33409
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowin...
CVE-2026-3432 Sim Studio AI - Unauthenticated OAuth Token Theft
In SimStudio versions below 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with the credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their...
CVE-2026-3432 Sim Studio AI - Unauthenticated OAuth Token Theft
In SimStudio versions below 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with the credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their...
CVE-2026-3432
CVE-2026-3432 affects SimStudio
PT-2026-22583
Name of the Vulnerable Software and Affected Versions: SimStudio versions prior to 0.5.74
Description: The /api/auth/oauth/token endpoint in SimStudio has a code path that circumvents authorization checks when provided with the credentialAccountUserId and providerId parameters. An unauthenticated...