13 matches found
CVE-2026-34456
Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...
CVE-2026-34456
Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...
EUVD-2026-18009
Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...
Reviactyl 访问控制错误漏洞
Reviactyl is an open-source game server management panel developed by Reviactyl. Versions of Reviactyl prior to 26.2.0-beta.1 and 26.2.0-beta.5 contained an access control vulnerability. This vulnerability stemmed from a flaw in the OAuth authentication process, which automatically linked social...
CVE-2024-56329 Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a...
CVE-2024-56329
CVE-2024-56329 affects the Socialstream package for Laravel Jetstream (joelbutcher/socialstream). The vulnerability arises during social account linking to an already authenticated user, where a missing confirmation step allows an account takeover risk. The issue is worsened when the Socialite co...
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
Description When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if -stateless is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure th...
GHSA-3Q97-VJPP-C8RP Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
Description When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if -stateless is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure th...
The Worrying Rise of Cybercrime as a Service (CaaS)
What is CaaS? Put simply, Cybercrime as a Service CaaS means black hat hackers for hire. Now, any ex-employee with a grudge, any disgruntled customer, any troubled ex-partner, or vindictive competitor, literally anyone with the right browser, can hire a dark web bad actor to perform...
XSLeaks attack analysis-HTTP caching and cross-site leakage-vulnerability warning-the black bar safety net
0x1 XSSearch past lives This attack is the earliest can be dated back to 10 years agoi.e. 2009, one named Chris Evans, security personnel describes one of the Yahoo attack: Chris use a malicious web site to search for the site visitor's e-mail Inbox, and he by constructing different keywords mann...
urlaubspiraten.de XSS vulnerability
Vulnerable URL: http://www.urlaubspiraten.de/user/social/connect-social-account/1/'-confirm'OPENBUGBOUNTY'-'OmniGooch Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 16890 VIP website status:| Yes Coordinated...
Israeli hacker found a Gmail vulnerability to traverse the user's email address-bug warning-the black bar safety net
When one day you have the opportunity to encounter all of the gmail mailbox, you will what is empathy? On the Internet every two to three users will have a user using Gmail as a mail service provider, and the gmail mailbox is also become for us in the second element in the critical social account...
Israeli hacker found a Gmail vulnerability to traverse all the user's e-mail address-vulnerability warning-the black bar safety net
When one day you have the opportunity to encounter all of the gmail mailbox, you will what is empathy for? On the Internet every two to three users will have a user using Gmail as a mail service provider, and the gmail mailbox is also become for us in the second element in the critical social...