Lucene search
+L

7287 matches found

CVE
CVE
added 2 days ago16 views

CVE-2026-53512

CVE-2026-53512 affects Better Auth versions prior to 1.6.11, where the legacy oidcProvider and mcp plugins expose OAuth2 token endpoints that validate refresh_token grants without requiring the confidential client’s client_secret. An attacker with a valid refresh_token and the corresponding publi...

9.1CVSS6.1AI score0.00303EPSS
Exploits0References4
OSV
OSV
added 2 days ago3 views

CVE-2026-53512 Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the legacy oidcProvider and mcp plugins expose OAuth token endpoints whose refreshtoken grant authenticates only possession of the bound refreshToken row and matching clientid, without verifying the...

9.1CVSS6.1AI score0.00303EPSS
Exploits0References6
OSV
OSV
added 2 days ago3 views

CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS6.2AI score0.00496EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS6.1AI score0.00496EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS0.00496EPSS
Exploits0References3
CVE
CVE
added 2 days ago12 views

CVE-2026-53518

CVE-2026-53518 affects the Better Auth ecosystem, specifically the @better-auth/oauth-provider token endpoint for the authorization_code grant (and legacy paths via oidc-provider/mcp plugins). A race condition arises from a non-atomic find-then-delete when redeeming a single-use authorization cod...

7.6CVSS6.2AI score0.00496EPSS
Exploits0References3
OSV
OSV
added 2 days ago4 views

CVE-2026-53513 Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/sso provider registration

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00252EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-53513 Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/sso provider registration

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS0.00252EPSS
Exploits0References4
CVE
CVE
added 2 days ago31 views

CVE-2026-53513

CVE-2026-53513 affects the @better-auth/sso plugin for Better Auth. When skipDiscovery: true is set, POST /sso/register and POST /sso/update-provider may store attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs without origin validation, leading to server-side r...

9.6CVSS6.1AI score0.00252EPSS
Exploits0References4
CVE
CVE
added 2 days ago14 views

CVE-2026-47164

Vaultwarden (Rust) prior to 1.36.0 has an authentication flaw in its SSO flow: when SSO_SIGNUPS_MATCH_EMAIL=true, an IdP identity can bind to an existing local Vaultwarden account by asserting a victim email, due to checking the IdP email_verified claim only during new-user creation. This could a...

7.7CVSS6.1AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-47164 Vaultwarden: SSO Email Auto-Link Can Bind an Existing Local Account to an Attacker-Controlled IdP Identity

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP emailverified claim only for new-user creation and not when SSOSIGNUPSMATCHEMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled Id...

7.7CVSS0.0027EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-47164 Vaultwarden: SSO Email Auto-Link Can Bind an Existing Local Account to an Attacker-Controlled IdP Identity

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP emailverified claim only for new-user creation and not when SSOSIGNUPSMATCHEMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled Id...

7.7CVSS6.1AI score0.0027EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-47158 Vaultwarden: CSRF in SSO Authorization Flow

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS0.0016EPSS
Exploits0References4
NVD
NVD
added 2 days ago5 views

CVE-2026-59259

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6.5CVSS0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44635

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS6.2AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-59259 n8n - Permission Bypass via Expression Parser Mismatch in External Secrets

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS0.00344EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

MAL-2026-10629 Malicious code in ai-pro-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b035f137addcf0118c3d042ece322d0fdde054e4ed283317d3b2adb309e38689 [email protected] is advertised as a Vercel AI SDK provider for Claude via the Claude Agent SDK, but the published tarball ships no code: package.json...

6.1AI score
Exploits0References4
OSV
OSV
added 3 days ago3 views

CVE-2026-52841 Easy!Appointments: Authorization bypass in Google OAuth provider binding lets any backend user rebind a peer provider's Google sync

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Google::oauth at application/controllers/Google.php:278 stores its URL-supplied providerid in the session, and oauthcallback saves the issued Google OAuth token against that row without checking the caller owns...

3.1CVSS6.1AI score0.00129EPSS
Exploits0References4
OSV
OSV
added 3 days ago3 views

CVE-2026-52839 Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass

Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the appointments/search response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints appointments/store and...

3.3CVSS6.1AI score0.00146EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-52839 Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass

Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the appointments/search response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints appointments/store and...

3.3CVSS0.00146EPSS
Exploits0References2
Rows per page
Query Builder