1133 matches found
CVE-2026-42239 Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...
CVE-2026-42239 Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...
CVE-2026-42084
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...
PT-2026-39268
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI fails to validate that passwords are non-empty before performing LDAP Simple Bind authentication. On LDAP servers that permit unauthenticated empty-password binds, an attacker can...
CVE-2026-42235
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that...
CVE-2026-42084
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...
CVE-2026-42084 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...
EUVD-2026-27057
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...
CVE-2026-42084
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...
CVE-2026-42084
OpenC3 COSMOS is affected by a credential change vulnerability where the password change feature accepts a valid session token in lieu of the old password. This flaw, present prior to versions 6.10.5 and 7.0.0-rc3, allows an attacker who already holds a valid session token to change the password ...
CVE-2026-42084 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...
CVE-2026-42084 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...
n8n Vulnerable to XSS via MCP OAuth client
Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...
GHSA-PXF8-6WQM-R6HH Note Mark: OIDC-registered users authenticated by submitting password "null"
Summary IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...
Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover
Summary The budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. Given that Budibase has had XSS vulnerabilities GHSA-gp5x-2v54-v2q5 — stored XSS via unsanitized enti...
GHSA-WGX6-G857-JJF7 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
Summary The OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to ga...
Unverified Password Change
Overview Affected versions of this package are vulnerable to Unverified Password Change via the verifynoservice process in openc3/lib/openc3/models/authmodel.rb and openc3-cosmos-cmd-tlm-api/app/controllers/authcontroller.rb. An attacker can change a password by supplying a valid session token to...
OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
Summary The OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to ga...
PT-2026-36878
Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 6.10.5 OpenC3 COSMOS versions prior to 7.0.0-rc3 Description The password change functionality allows a user to change their password without providing the current password, as the system accepts a valid session...
OpenC3 COSMOS - Hijacked session token can be used to reset password for persistence
Summary The OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to ga...