Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 10:16 a.m.20 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS0.0025EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/08 9:30 a.m.12 views

EUVD-2026-35037

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/08 9:30 a.m.7 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/08 9:30 a.m.7 views

CVE-2026-11502 JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.6AI score0.0025EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/08 9:30 a.m.40 views

CVE-2026-11502 JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS0.0025EPSS
Exploits0References7
CVE
CVE
added 2026/06/08 9:30 a.m.32 views

CVE-2026-11502

CVE-2026-11502 affects JeecgBoot up to 3.9.2. The vulnerability is in the function HttpServletResponse.sendRedirect used by the Third-Party Login flow, specifically in ThirdLoginController.java, where manipulation of the argument state enables an open redirect. The issue can be triggered remotely...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47264

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.6AI score0.0025EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/26 5:10 p.m.37 views

CVE-2026-44707 Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS0.00344EPSS
Exploits0References3
CVE
CVE
added 2026/05/26 5:10 p.m.25 views

CVE-2026-44707

CVE-2026-44707 (Chatwoot) : From 2.14.0 up to before 4.13.0, an authentication flow vulnerability allows a pre-registered, unowned email to set a password, enabling a Pre-Account Takeover. If the legitimate user later signs in via Google OAuth or another OmniAuth provider, the OAuth flow can sile...

6.8CVSS5.8AI score0.00344EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 6:12 p.m.6 views

EUVD-2026-20561

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...

5.9CVSS5.9AI score0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29536

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

5.9AI score0.0026EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/05 12:7 a.m.11 views

CVE-2025-15115

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin...

6.9CVSS7.1AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 2026/01/04 12:15 a.m.7 views

CVE-2025-15115

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin...

9.8CVSS0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/01/04 12:15 a.m.2 views

CVE-2025-15115

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin...

9.8CVSS5.8AI score0.0026EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/25 12:28 a.m.17 views

CVE-2025-54120

PCL Plain Craft Launcher Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if...

9.3CVSS6.9AI score0.00143EPSS
Exploits0References1
NVD
NVD
added 2025/07/23 1:15 a.m.9 views

CVE-2025-54120

PCL Plain Craft Launcher Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if...

9.3CVSS0.00143EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.6 views

PT-2024-37678 · Red Hat · Openshift Console

Name of the Vulnerable Software and Affected Versions: Openshift Console affected versions not specified Description: An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code type and implicit grant type of the OAuth2 protocol. This vulnerability...

8CVSS7.9AI score0.00559EPSS
Exploits0References22
OSV
OSV
added 2024/06/18 5:0 p.m.3 views

CVE-2024-38351 Password auth and OAuth2 unverified email linking

Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...

5.4CVSS6.7AI score0.00289EPSS
Exploits0References4
Hacker One
Hacker One
added 2017/06/20 9:33 a.m.16 views

Weblate: Persistence of Third Party Association.

After one might have disconnected a third party association, Google in this case. Using the third party login logs one back in the account...

2.6AI score
Exploits0
Rows per page
Query Builder