Lucene search
+L

188 matches found

CVE
CVE
added 2 days ago7 views

CVE-2026-13410

CVE-2026-13410 affects Dancer::Plugin::Auth::Google for Perl up to version 0.07, where TLS verification is disabled in the library and the default user agent SSL_verify_mode is turned off. This enables a network (MITM) attacker between the Dancer app and googleapis.com to intercept the OAuth2 tok...

8.2CVSS5.4AI score0.00242EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-60745

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSL verify mode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept th...

8.2CVSS5.3AI score0.00242EPSS
Exploits0References6
OSV
OSV
added 4 days ago7 views

CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS6.2AI score0.00496EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago9 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS6.1AI score0.00496EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-44693

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS6.1AI score0.0016EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-47158 Vaultwarden: CSRF in SSO Authorization Flow

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS0.0016EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/10 8:32 p.m.5 views

Missing Authorization

Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Missing Authorization in the OAuth2 Token Exchange process. An attacker can gain elevated permissions by exchanging a low-privilege token for higher...

8.6CVSS6.1AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 6:16 p.m.9 views

CVE-2026-56668

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 6:16 p.m.7 views

CVE-2026-55672

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS0.00276EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 5:46 p.m.17 views

CVE-2026-56668

Product/Component : ZITADEL identity management platform (OAuth2 Token Exchange endpoint). Vulnerability : Prior to version 4.15.3, the endpoint for grant-type: token-exchange does not verify that the subject token belongs to the requesting client, nor ensure requested scopes stay within the orig...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 5:46 p.m.36 views

CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 5:46 p.m.3 views

CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/09 4:31 p.m.7 views

User Impersonation

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to User Impersonation via the token-exchange identity-resolution service in packages/cli/src/modules/token-exchange/services/identity-resolution.service.ts. An attacker can authenticate as another user...

7.6CVSS6.1AI score0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 3:27 p.m.33 views

CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS0.00143EPSS
Exploits0References3
CVE
CVE
added 2026/07/09 3:27 p.m.25 views

CVE-2026-59208

CVE-2026-59208 affects n8n, an open-source workflow automation platform. Vulnerability: when an n8n instance is configured with more than one trusted token-exchange issuer, it could resolve external identities to local accounts using only the JWT sub claim and ignore the iss claim. This allows an...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/09 3:27 p.m.3 views

CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS6.1AI score0.00143EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of the PKCE S256 challenge during the OAuth2 token exchange process. An attacker can obtain access tokens without providing the expected code verifier by bypassing the intended...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-26232

Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange...

9.1CVSS0.00379EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.13 views

CVE-2026-26247

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

9.1CVSS0.00379EPSS
Exploits0References4
Rows per page
Query Builder