814 matches found
ownCloud Guests - User Enumeration
ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication. id:...
CVE-2026-27882
Coolify prior to 4.0.0-beta.461 uses a non-constant-time string comparison (!=) to validate the GitLab webhook secret token, enabling timing-based disclosure of the secret. The issue is fixed in 4.0.0-beta.461. Remediation: upgrade to 4.0.0-beta.461.
CVE-2026-12112 Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse
A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...
CVE-2026-12112 Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse
A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...
CVE-2026-54308
CVE-2026-54308 affects the n8n platform, specifically versions prior to 2.25.7 and 2.26.2. The MicrosoftAgent365Trigger and StripeTrigger nodes did not validate inbound requests, enabling an unauthenticated attacker who knows the webhook URL to submit a forged payload and cause workflow execution...
CVE-2026-54308 n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to...
EUVD-2025-210299
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...
CVE-2025-2669
CVE-2025-2669 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (versions 4.8, 5.0, 5.1, 5.2, 5.3). The root cause is improper token validation, enabling a privileged user to perform operations and access sensitive information outside their authority. The available sou...
CVE-2025-2669 Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...
@acastellon/auth: Authentication bypass via spoofable headers in validateToken()
@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...
GHSA-WCPR-6G7X-P44R googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)
An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...
GHSA-8FCC-W5HV-4GXV googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)
An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint RFC 7662, the toolbox decodes the response into an introspectResp struct where t...
CVE-2026-11718
An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...
GHSA-WXG7-W2V3-W38G ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider
Summary Two closely related token lifecycle validation vulnerabilities were discovered in ZITADEL's external JWT Identity Provider IdP implementation. Specifically, within the validation pipeline: Missing Expiration exp Enforcement: If an incoming JWT omits the exp claim entirely, the expiration...
CVE-2026-11718
The CVE-2026-11718 entry concerns an authentication bypass in googleapis/mcp-toolbox: during opaque-token validation via an OAuth 2.0 introspection endpoint, the code decodes the response and checks issuer with the condition a.issuer != "" && iss != "". If the introspection response omits iss, is...
CVE-2026-11718
An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...
CVE-2026-55742
Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to CSRF in system/admin/admin.rights.php while performing the update action (a=update). The code path updates group access rights (including via cot_auth_add_group) without calling cot_check_xg() to validate an anti-CSRF token. A remote attack...
PT-2026-50660
Name of the Vulnerable Software and Affected Versions googleapis/mcp-toolbox affected versions not specified Description An authentication bypass exists in the generic opaque token validation path validateOpaqueToken. When validating an opaque token via an OAuth 2.0 introspection endpoint, the...
@acastellon/auth: Authentication bypass via spoofable headers in validateToken()
@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...
CVE-2026-50202 Steeltoe's static JWKS cache shared across schemes and never invalidated
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...