Lucene search
K

5 matches found

Veracode
Veracode
added 2026/04/22 8:43 a.m.12 views

Improper Validation Of OAuth State Tokens

github.com/mattermost/mattermost-server is vulnerable to improper validation of OAuth state tokens. The vulnerability is due to insufficient validation during the OpenID Connect OAuth flow, which allows an attacker to manipulate authentication data and take over a user account under specific...

9.9CVSS7.2AI score0.0031EPSS
Exploits0References7Affected Software2
Veracode
Veracode
added 2026/01/14 11:48 a.m.3 views

Cross-Site Request Forgery (CSRF)

fastapiusers is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to stateless and predictable OAuth state tokens with no session binding or per-request entropy, which allows an attacker to initiate an OAuth flow, reuse a valid state token, and trick a victim into completing...

8.8CVSS5.9AI score0.00222EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/20 8:14 p.m.8 views

CVE-2025-68481

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...

5.9CVSS6.9AI score0.00222EPSS
Exploits1References1
NVD
NVD
added 2025/12/19 9:15 p.m.11 views

CVE-2025-68481

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...

8.8CVSS0.00222EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/19 8:14 p.m.29 views

CVE-2025-68481 FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...

5.9CVSS0.00222EPSS
Exploits1References4
Rows per page
Query Builder