Lucene search
K

247 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

@workos/authkit-session 输入验证错误漏洞

@workos/authkit-session is an open-source session authentication and token management tool developed by WorkOS. Versions of @workos/authkit-session prior to 0.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of the...

4.3CVSS5.7AI score0.00196EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 6:42 p.m.13 views

GHSA-VVVV-983W-R7PV @workos/authkit-session has an Open Redirect via state-derived redirect target

An open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round-tripped through the identity provider IdP and can be influenced by an attacker. The handleCallback...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/05 6:42 p.m.12 views

@workos/authkit-session has an Open Redirect via state-derived redirect target

An open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round-tripped through the identity provider IdP and can be influenced by an attacker. The handleCallback...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37271

Name of the Vulnerable Software and Affected Versions @workos/authkit-session versions prior to 0.5.1 Description An open redirect issue exists in the handleCallback function of AuthService due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The stat...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References6
OSV
OSV
added 2026/04/18 3:34 p.m.10 views

GHSA-5W6H-PJW6-WVC6 apache-airflow-providers-keycloak: Missing OAuth 2.0 State and PKCE Enables Login CSRF and Session Fixation

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.4CVSS5.7AI score0.00328EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/18 1:22 p.m.4 views

CVE-2026-40948 Apache Airflow Providers Keycloak: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.7AI score0.00328EPSS
Exploits0References2
CVE
CVE
added 2026/04/18 1:22 p.m.19 views

CVE-2026-40948

The CVE-2026-40948 entry concerns the Keycloak authentication manager in apache-airflow-providers-keycloak. It describes missing OAuth 2.0 state validation and PKCE usage during login/login-callback, enabling a potential login-CSRF/session-fixation attack where a victim may be seduced into an att...

5.4CVSS5.7AI score0.00328EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 10:38 p.m.12 views

Authlib: Cross-site request forging when using cache

Summary There is no CSRF protection on the cache feature on most integrations clients. Details In authlib.integrations.starletteclient.OAuth, no CSRF protection is set up when using the cache parameter. When not using the cache parameter, the use of SessionMiddleware ties the client to the auth...

5.4CVSS5.8AI score0.00106EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.8 views

PT-2026-31418

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 and prior to 6.5.4 Description The OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This could allow an attacker to potentially compromise...

5.9CVSS5.9AI score0.00103EPSS
Exploits0References4
OSV
OSV
added 2026/04/04 6:26 a.m.4 views

GHSA-9JPJ-G8VV-J5MF OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter

Summary Before OpenClaw 2026.4.2, the Gemini OAuth flow reused the PKCE verifier as the OAuth state value. Because the provider reflected state back in the redirect URL, the verifier could be exposed alongside the authorization code. Impact Anyone who could capture the redirect URL could learn bo...

7CVSS6AI score0.00238EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/04 6:26 a.m.12 views

OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter

Summary Before OpenClaw 2026.4.2, the Gemini OAuth flow reused the PKCE verifier as the OAuth state value. Because the provider reflected state back in the redirect URL, the verifier could be exposed alongside the authorization code. Impact Anyone who could capture the redirect URL could learn bo...

6CVSS6AI score0.00238EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/03 9:31 p.m.3 views

EUVD-2026-18849

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00238EPSS
Exploits0References4
CVE
CVE
added 2026/04/03 8:45 p.m.7 views

CVE-2026-34511

OpenClaw prior to 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, causing the PKCE verifier to be exposed in the redirect URL. If an attacker captures the redirect URL, they can obtain both the authorization code and the PKCE verifier, defeating PKCE prote...

6CVSS6AI score0.00238EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.4 views

CVE-2026-29782

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint $skippermissions = true. It loads a record from the zzoauth2 table using the attacker-controlled GET parameter...

7.2CVSS5.8AI score0.0057EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.11 views

OpenClaw 安全特征问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 had security feature vulnerabilities. These vulnerabilities stemmed from the reuse of the PKCE verifier as a state parameter in the Gemini OAuth process, which could lead to t...

6CVSS5.8AI score0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

OpenSTAManager 代码问题漏洞

OpenSTAManager is an open-source management software developed by Devcode, used for technical assistance and billing purposes. Versions of OpenSTAManager prior to 2.10.2 contained code vulnerabilities. These vulnerabilities stemmed from the oauth2.php file being an unvalidated endpoint. Attackers...

7.2CVSS5.9AI score0.0057EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/27 3:30 p.m.4 views

EUVD-2026-16656

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
CVE
CVE
added 2026/03/27 2:52 p.m.17 views

CVE-2026-4956

A CVE for Shenzhen Ruiming Technology Streamax Crocus 1.3.44 affecting the Parameter Handler’s DevicePrint.do?Action=ReadTask function. The vulnerability arises from manipulation of the State argument, leading to SQL injection. It is exploitable remotely and the exploit is public. The CVE notes n...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 2:52 p.m.4 views

CVE-2026-4956 Shenzhen Ruiming Technology Streamax Crocus Parameter DevicePrint.do sql injection

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:52 p.m.2 views

CVE-2026-4956

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS5.8AI score0.00318EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder