7 matches found
CVE-2026-50628
CVE-2026-50628 concerns Apache CXF’s OAuthRequestFilter, where a logic error creates an inverted IP binding check: legitimate requests from the bound IP are rejected while requests from other IPs are allowed. Red Hat’s advisory attributes this to the OAuthRequestFilter component of CXF and notes ...
CVE-2026-50623 Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService
An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...
CVE-2026-8159 multiparty vulnerable to ReDoS via filename parsing
[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...
PT-2024-5584
Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.14 Django versions 5.0 through 5.0.7 Description The issue is related to SQL injection in the QuerySet.values and values list methods on models with a JSONField. This vulnerability can be exploited by passing a...
PT-2024-6068
Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.13 Django versions 5.0 through 5.0.6 Description The issue is related to the get supported language variant function in Django, which can be subject to a potential denial-of-service attack when used with very lo...
PT-2024-21635
Name of the Vulnerable Software and Affected Versions Flask-AppBuilder versions 4.1.4 through 4.2.0 Description A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page, whic...
PT-2024-18997 · Vantage6 · Vantage6
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0 Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Authenticated users could inject code into algorithm...