242 matches found
Shenzhen Ruiming Streamax Crocus 安全漏洞
Shenzhen Ruiming Streamax Crocus is a vehicle monitoring device developed by Shenzhen Ruiming. Versions of Shenzhen Ruiming Streamax Crocus prior to 1.3.44 contained a security vulnerability. This vulnerability stemmed from improper handling of the State parameter in the file/RemoteFormat.do, whi...
n8n 安全漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the OAuth callback handler skipping the verification of state parameter ownership, which could lead to the theft of OAut...
PT-2026-28081
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.8.0 Description n8n is a workflow automation platform. When the N8N SKIP AUTH ON OAUTH CALLBACK environment variable is set to true, the OAuth callback handler does not verify the ownership of the OAuth state parameter...
CVE-2026-31381
An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...
CVE-2026-31381 Gainsight Assist plugin information disclosure
An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...
CVE-2026-31381
CVE-2026-31381 and related entries describe a Gainsight Assist plugin information-disclosure vulnerability. The core issue is that user email addresses (PII) are exposed in base64-encoded form via the OAuth callback URL’s state parameter. This can allow an attacker to recover emails if the OAuth ...
CVE-2026-31381
An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...
CVE-2026-31381 Gainsight Assist plugin information disclosure
An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...
PT-2026-26609
Name of the Vulnerable Software and Affected Versions versions prior to 2026-31381 Description An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL. The vulnerability involves the exposure of Personally Identifiable...
Gainsight Assist 安全漏洞
Gainsight Assist is a customer communication template management tool developed by Gainsight Inc. There is a security vulnerability in Gainsight Assist, which stems from the state parameter in the OAuth callback URL exposing the base64-encoded user email address, potentially leading to personal...
Busy 输入验证错误漏洞
Busy is a social networking system developed by Busy Open Source. Versions of Busy 2.5.5 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from incorrect handling of the state parameter in the file source-code/busy-master/src/server/app.js, which...
CVE-2026-0555
The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmercewizardactions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the state parameter. Thi...
CVE-2026-0555 Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint
The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmercewizardactions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the state parameter. Thi...
CVE-2026-0555
The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the premmerce_wizard_actions AJAX endpoint in all versions up to and including 1.3.20. The root cause is missing capability checks and insufficient input sanitization and output escaping on the state parameter, en...
WordPress plugin Premmerce 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-69207
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...
CVE-2026-25221
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...
CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...
CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...
CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...