Lucene search
+L

13 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 10:54 p.m.15 views

CVE-2026-34456

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...

9.8CVSS5.8AI score0.00455EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 8:16 p.m.8 views

CVE-2026-34456

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...

9.8CVSS0.00455EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/01 8:0 p.m.9 views

EUVD-2026-18009

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...

9.1CVSS5.8AI score0.00455EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.11 views

Reviactyl 访问控制错误漏洞

Reviactyl is an open-source game server management panel developed by Reviactyl. Versions of Reviactyl prior to 26.2.0-beta.1 and 26.2.0-beta.5 contained an access control vulnerability. This vulnerability stemmed from a flaw in the OAuth authentication process, which automatically linked social...

9.8CVSS5.8AI score0.00455EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/20 7:59 p.m.8 views

CVE-2024-56329 Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream

Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a...

8.9CVSS6.6AI score0.00554EPSS
Exploits0References2
CVE
CVE
added 2024/12/20 7:59 p.m.70 views

CVE-2024-56329

CVE-2024-56329 affects the Socialstream package for Laravel Jetstream (joelbutcher/socialstream). The vulnerability arises during social account linking to an already authenticated user, where a missing confirmation step allows an account takeover risk. The issue is worsened when the Socialite co...

8.9CVSS6.6AI score0.00554EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/12/20 3:1 p.m.36 views

Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback

Description When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if -stateless is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure th...

8.9CVSS6.9AI score0.00554EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/12/20 3:1 p.m.22 views

GHSA-3Q97-VJPP-C8RP Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback

Description When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if -stateless is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure th...

8.9CVSS6AI score0.00554EPSS
Exploits0References4
Imperva Blog
Imperva Blog
added 2022/11/07 11:17 a.m.29 views

The Worrying Rise of Cybercrime as a Service (CaaS)

What is CaaS? Put simply, Cybercrime as a Service CaaS means black hat hackers for hire. Now, any ex-employee with a grudge, any disgruntled customer, any troubled ex-partner, or vindictive competitor, literally anyone with the right browser, can hire a dark web bad actor to perform...

Exploits0
myhack58
myhack58
added 2019/04/09 12:0 a.m.76 views

XSLeaks attack analysis-HTTP caching and cross-site leakage-vulnerability warning-the black bar safety net

0x1 XSSearch past lives This attack is the earliest can be dated back to 10 years agoi.e. 2009, one named Chris Evans, security personnel describes one of the Yahoo attack: Chris use a malicious web site to search for the site visitor's e-mail Inbox, and he by constructing different keywords mann...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/10/16 1:47 a.m.9 views

urlaubspiraten.de XSS vulnerability

Vulnerable URL: http://www.urlaubspiraten.de/user/social/connect-social-account/1/'-confirm'OPENBUGBOUNTY'-'OmniGooch Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 16890 VIP website status:| Yes Coordinated...

6.3AI score
Exploits0
myhack58
myhack58
added 2014/06/21 12:0 a.m.17 views

Israeli hacker found a Gmail vulnerability to traverse the user's email address-bug warning-the black bar safety net

When one day you have the opportunity to encounter all of the gmail mailbox, you will what is empathy? On the Internet every two to three users will have a user using Gmail as a mail service provider, and the gmail mailbox is also become for us in the second element in the critical social account...

7.2AI score
Exploits0
myhack58
myhack58
added 2014/06/20 12:0 a.m.29 views

Israeli hacker found a Gmail vulnerability to traverse all the user's e-mail address-vulnerability warning-the black bar safety net

When one day you have the opportunity to encounter all of the gmail mailbox, you will what is empathy for? On the Internet every two to three users will have a user using Gmail as a mail service provider, and the gmail mailbox is also become for us in the second element in the critical social...

7.1AI score
Exploits0
Rows per page
Query Builder