Lucene search
K

19 matches found

NVD
NVD
added 2026/07/04 6:16 p.m.9 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

8.1CVSS0.00172EPSS
Exploits0References5
CVE
CVE
added 2026/07/04 5:52 p.m.20 views

CVE-2026-12746

CVE-2026-12746 affects Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 (Perl). The underlying issue is that the OAuth 2.0 state parameter is not supported, causing the authentication_url to redirect without a state value and the callback to process the response without binding it to t...

8.1CVSS5.9AI score0.00186EPSS
Exploits0References4
OSV
OSV
added 2026/05/09 1:16 a.m.5 views

DEBIAN-CVE-2026-6666

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.12 views

PT-2026-39228

Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description A null pointer reference can occur in the kill pool logins server error function if a server sends an error response that lacks the SQLSTATE field, potentially leading to a crash. Recommendations...

5.9CVSS5.8AI score0.00369EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.10 views

CVE-2026-40948

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.4CVSS5.7AI score0.00328EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/18 3:34 p.m.8 views

apache-airflow-providers-keycloak: Missing OAuth 2.0 State and PKCE Enables Login CSRF and Session Fixation

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.4CVSS5.7AI score0.00328EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/18 2:16 p.m.6 views

CVE-2026-40948

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.4CVSS0.00328EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/18 1:22 p.m.38 views

CVE-2026-40948 Apache Airflow Providers Keycloak: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

0.00328EPSS
Exploits0References2
OSV
OSV
added 2026/02/02 10:59 p.m.4 views

CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...

2.3CVSS5.5AI score0.00203EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.8 views

PT-2025-47957

Name of the Vulnerable Software and Affected Versions Tuya SDK version 6.5.0 Tuya Smart application Smartlife application Description A Cross-Site Request Forgery CSRF issue exists in the OAuth implementation of the Tuya SDK. This affects the Tuya Smart and Smartlife mobile applications, as well ...

8.8CVSS6.3AI score0.00135EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2025/09/04 9:47 a.m.3 views

net/mlx5e: Remove skb secpath if xfrm state is not found

...

5.5CVSS7AI score0.00146EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/31 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-38590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an...

5.5CVSS6.5AI score0.00146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/08/19 11:23 p.m.9 views

SUSE CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

5.5CVSS6.4AI score0.00146EPSS
Exploits0References20
NVD
NVD
added 2025/08/19 5:15 p.m.5 views

CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

5.5CVSS0.00146EPSS
Exploits0References5
OSV
OSV
added 2025/08/19 5:15 p.m.8 views

AZL-66452 CVE-2025-38590 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

5.5CVSS5.5AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/19 5:3 p.m.6 views

CVE-2025-38590 net/mlx5e: Remove skb secpath if xfrm state is not found

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

0.00146EPSS
Exploits0References5
CVE
CVE
added 2025/08/19 5:3 p.m.50 views

CVE-2025-38590

CVE-2025-38590 is a Linux kernel vulnerability in the Mellanox mlx5e path. The issue occurs when a hardware decrypted packet’s xfrm state is not found in an xarray, leaving the skb secpath (sp) extension intact. Downstream code may dereference an invalid secpath, causing a crash in __xfrm_policy_...

5.5CVSS6.7AI score0.00146EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the net/mlx5e module not removing the skb secpath when the xfrm state is not found...

5.5CVSS6.6AI score0.00146EPSS
Exploits0References7
CVE
CVE
added 2025/06/30 9:39 a.m.20 views

CVE-2024-8419

CVE-2024-8419 affects the AC4xxS line of ifm electronic devices. The root cause is missing authentication in an endpoint script, allowing an unauthorized remote attacker to force the system into a fail-safe state over the network. Public details across sources confirm the basic impact but do not ...

7.5CVSS6.5AI score0.00408EPSS
Exploits0References1
Rows per page
Query Builder