50 matches found
CVE-2026-50132
Summary (CVE-2026-50132) Budibase exposes a public GET endpoint GET /api/chat-links/:instance/:token/handoff that, before version 3.39.0, can silently link an attacker’s external chat identity (Slack/Discord/MS Teams) to a victim’s Budibase account without consent or CSRF protection. The flow: an...
CVE-2026-48612
Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover...
keycloak: Cross-Session Email Verification Proof Not Bound to Upstream Identity in First-Broker-Login
A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...
Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance
Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...
EUVD-2026-31134
A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...
CVE-2026-44695
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...
CVE-2026-44695
Summary: CVE-2026-44695 affects Outline before version 1.7.1. The Slack OAuth flow for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. If an attacker can obtain a Slack OAuth code for the same Outline Slack client, they can cause a logged-in Outline user to comple...
PT-2026-39520
OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accoun...
CVE-2026-41574
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the providerFlowSignIn process. An attacker can gain unauthorized access to another user's account by exploiting improper handling of email verification status from OAuth providers. This allows the attacker to...
EUVD-2026-18144
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails...
CVE-2026-32132
CVE-2026-32132 (ZITADEL) affects Zitadel identity management platform prior to versions 3.4.8 and 4.12.2. The vulnerability lies in the passkey registration endpoint, where an improper expiration check of a retrieved code could allow an attacker to register their own passkey and gain access to th...
Cross-site Request Forgery (CSRF)
fastapi-sso is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing persistence and verification of the OAuth state parameter, which allows an attacker to supply a malicious callback URL and link their account to a victim’s session...
EUVD-2025-202272
An unverified password change vulnerability CWE-620 vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5....
CVE-2025-59808
Fortinet FortiSOAR PaaS and FortiSOAR on-premise are affected by an unverified password change vulnerability (CWE-620) that may allow an attacker who already has access to a user account to reset credentials without the current password. Affected versions include FortiSOAR PaaS 7.3–7.6.2 and Fort...
CVE-2025-59808
An unverified password change vulnerability CWE-620 vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5....
CVE-2025-56400
Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...
PT-2025-47957
Name of the Vulnerable Software and Affected Versions Tuya SDK version 6.5.0 Tuya Smart application Smartlife application Description A Cross-Site Request Forgery CSRF issue exists in the OAuth implementation of the Tuya SDK. This affects the Tuya Smart and Smartlife mobile applications, as well ...
CVE-2025-56400
Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...
Keycloak phishing attack via email verification step in first login flow
There is a flaw with the first login flow where, during a IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to "review profile" information, which allows the the attacker to...