Lucene search
K

6 matches found

Snyk
Snyk
added last week4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the OAuth sign-in callback process. An attacker can regain access to accounts that have been disabled by an administrator by initiating an OAuth sign-in, resulting in unauthorized re-enablement of those account...

9.8CVSS6AI score0.00343EPSS
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-58422

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts...

9.8CVSS0.00343EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-58422

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts...

5.9AI score0.00343EPSS
Exploits0References5
CVE
CVE
added last week17 views

CVE-2026-58422

CVE-2026-58422 describes an access control bypass in the OAuth sign-in callback that can silently re-enable administrator-disabled accounts in affected Go-Gitea installations. Concrete technical details from connected sources identify vulnerable components as the Gitea web router package paths: r...

9.8CVSS5.9AI score0.00343EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55655

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper authorization occurs during the OAuth sign-in callback process, which allows accounts that were previously disabled by an administrator to be silently...

9.8CVSS5.9AI score0.00343EPSS
Exploits0References11
OSV
OSV
added 2022/08/02 6:0 p.m.20 views

GHSA-XV97-C62V-4587 NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails

Impact next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.: [email protected],[email protected] to the sign-in endpoint, NextAuth.js would send emails to...

9.1CVSS9.1AI score0.01137EPSS
Exploits0References11
Rows per page
Query Builder