Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/18 11:52 a.m.16 views

CVE-2026-11718

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...

9.3CVSS0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 2:40 p.m.30 views

CVE-2026-41574

CVE-2026-41574 affects Nhost’s OAuth linking logic in the Go controller. The defect stems from trusting a provider’s EmailVerified flag when linking an incoming OAuth identity to an existing account. Several providers (Discord, Bitbucket, AzureAD, EntraID) either do not populate or misreport emai...

9.8CVSS5.8AI score0.00809EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/12/15 2:15 p.m.6 views

PYSEC-2025-111

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References2
Akamai Blog
Akamai Blog
added 2021/06/01 1:0 p.m.89 views

Akamai EAA Impersonation Vulnerability - A Deep Dive

In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access EAA platform. We cover our investigation, remediation and disclosure process for the vulnerability. For an overview of the vulnerability, the impact to Akamai, the...

5CVSS7.9AI score0.01325EPSS
Exploits0
Rows per page
Query Builder