77 matches found
Free5gc NRF is vulnerable to scope validation bypass via maliciously crafted targetNF value
An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...
CVE-2025-66719
An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...
Cross-site Request Forgery (CSRF)
Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the request.scope in the validateauthorizationrequest function which leads to cache-backed...
Improper Authorization
ethycafides is vulnerable to improper authorization. The vulnerability is due to insufficient scope validation in the OAuth client creation and update endpoints, which allows an attacker or a highly privileged user to escalate privileges to owner-level...
EUVD-2020-8163
Malware in sbrugna...
Janssen 安全漏洞
Janssen is an open source user authentication component from the Janssen Project Open Source. A security vulnerability exists in Janssen versions prior to 1.8.0, which stems from the Config API returning results without validating the scope, which could lead to information disclosure...
GHSA-C9PR-Q8GX-3MGP Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Impact The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Impact The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...
CVE-2025-31477
CVE-2025-31477 concerns the Tauri shell plugin (prior to 2.2.1). The open endpoint allowed system-opening with protocols like file://, smb://, or nfs:// due to improper validation, enabling remote code execution when untrusted input is passed. Affected: tauri-plugin-shell before version 2.2.1. Mi...
CVE-2025-31477 Improper Scope Validation in the open Endpoint of tauri-plugin-shell
The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was...
CVE-2023-26482
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2022-43284
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njsscopevalidvalue at njsscope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...
CVE-2020-16197
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...
CVE-2020-16197
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...
CVE-2020-16197
CVE-2020-16197 affects Octopus Deploy 3.4. An authorised user can configure a deployment target with an Account or Certificate outside the target’s scope and may use a certificate not in scope. The vulnerability also allows obtaining certificate metadata by associating a certificate with resource...