Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 10:54 p.m.13 views

CVE-2026-34456

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...

9.8CVSS5.8AI score0.00455EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 8:16 p.m.7 views

CVE-2026-34456

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...

9.8CVSS0.00455EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/01 8:0 p.m.8 views

EUVD-2026-18009

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...

9.1CVSS5.8AI score0.00455EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.10 views

Reviactyl 访问控制错误漏洞

Reviactyl is an open-source game server management panel developed by Reviactyl. Versions of Reviactyl prior to 26.2.0-beta.1 and 26.2.0-beta.5 contained an access control vulnerability. This vulnerability stemmed from a flaw in the OAuth authentication process, which automatically linked social...

9.8CVSS5.8AI score0.00455EPSS
Exploits0References3
CVE
CVE
added 2024/12/20 7:59 p.m.66 views

CVE-2024-56329

CVE-2024-56329 affects the Socialstream package for Laravel Jetstream (joelbutcher/socialstream). The vulnerability arises during social account linking to an already authenticated user, where a missing confirmation step allows an account takeover risk. The issue is worsened when the Socialite co...

8.9CVSS6.6AI score0.00543EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/20 7:59 p.m.8 views

CVE-2024-56329 Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream

Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a...

8.9CVSS6.6AI score0.00543EPSS
Exploits0References2
OSV
OSV
added 2024/12/20 3:1 p.m.21 views

GHSA-3Q97-VJPP-C8RP Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback

Description When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if -stateless is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure th...

8.9CVSS6AI score0.00543EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/12/20 3:1 p.m.35 views

Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback

Description When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if -stateless is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure th...

8.9CVSS6.9AI score0.00543EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder