Lucene search
K

257 matches found

cve
cve
added 3 days ago30 views

CVE-2026-55672

Summary (concrete details) : The CVE concerns Zitadel, an open-source identity management platform. The vulnerability occurs in the OAuth2/OIDC CodeExchange and RefreshToken flows (and related device token flow) where verification that the requesting client matches the originally authorized clien...

7.4CVSS6.1AI score0.00276EPSS
Exploits0References5
cvelist
cvelist
added 3 days ago28 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS0.00276EPSS
Exploits0References5
cve
cve
added 2026/06/30 10:8 p.m.14 views

CVE-2026-56224

Capgo: vulnerability in console.capgo.app/login prior to version 12.128.2 allows access_token and refresh_token to be accepted in URL query parameters, leading to automatic user authentication without user confirmation. Practically, an attacker can craft a malicious link that lures a victim into ...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References2
redhat
redhat
added 2026/06/25 5:36 p.m.4 views

keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.8AI score0.00305EPSS
Exploits0References4
redhat
redhat
added 2026/06/25 5:36 p.m.4 views

org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.8AI score0.00295EPSS
Exploits0References4
nvd
nvd
added 2026/06/24 7:16 a.m.11 views

CVE-2026-9183

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...

4.3CVSS0.0021EPSS
Exploits0References3
euvd
euvd
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38681

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References3
nvd
nvd
added 2026/06/23 9:17 p.m.8 views

CVE-2026-53928

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

6.3CVSS0.00242EPSS
Exploits0References1
nvd
nvd
added 2026/06/23 9:16 p.m.8 views

CVE-2026-46550

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it t...

5.4CVSS0.00099EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/23 8:39 p.m.26 views

CVE-2026-46550 NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it t...

5.4CVSS0.00099EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/23 8:39 p.m.6 views

CVE-2026-46550

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it t...

5.4CVSS5.8AI score0.00099EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/23 8:39 p.m.17 views

CVE-2026-46550

NocoDB’s CVE-2026-46550 concerns the refresh-token cookie being set with httpOnly but without Secure and SameSite attributes prior to 2026.04.1. The root cause is in setTokenCookie(), which emitted a cookie with only httpOnly (and possibly domain), leaving it vulnerable to interception over HTTP ...

5.4CVSS5.8AI score0.00099EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/23 8:3 p.m.5 views

CVE-2026-53928

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

6.3CVSS5.9AI score0.00242EPSS
Exploits0References2Affected Software1
github
github
added 2026/06/18 1:52 p.m.8 views

ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

Summary Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

7.4CVSS5.9AI score0.00276EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/06/18 1:52 p.m.5 views

GHSA-XQXV-4JC2-X56X ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

Summary Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

7.4CVSS6AI score0.00276EPSS
Exploits0References5
snyk
snyk
added 2026/06/18 1:52 p.m.11 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the CodeExchange and RefreshToken processes. An attacker can gain unauthorized access to user accounts or maintain persistent access from an unauthorized client by presenting intercepted authorization codes or...

9.1CVSS6AI score0.00276EPSS
Exploits0References3
snyk
snyk
added 2026/06/18 1:52 p.m.4 views

Incorrect Authorization

Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Incorrect Authorization in the CodeExchange and RefreshToken processes. An attacker can gain unauthorized access to user accounts or maintain persiste...

9.1CVSS6AI score0.00276EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.14 views

PT-2026-50741

Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description The OAuth2 / OIDC CodeExchange and RefreshToken implementations fail to validate that the requesting client matches the client that originally initiated th...

7.4CVSS6AI score0.00276EPSS
Exploits0References13
github
github
added 2026/06/17 2:7 p.m.11 views

NocoDB: Refresh Tokens Persist Through Password Recovery

Summary A stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. Details passwordChange and passwordReset deleted the user's refresh tokens, but passwordForgot only rotated tokenversion and revoked OAuth tokens — it did...

6.3CVSS5.3AI score0.00242EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.11 views

PT-2026-50474

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A stolen refresh token persists after a password-forgot flow, allowing it to be used to generate new JSON Web Tokens JWTs even after a user resets their password. While the passwordChange and...

6.3CVSS5.8AI score0.00242EPSS
Exploits0References9
Rows per page
Query Builder