
7 matches found

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-12792

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.3 · EPSS 0.00268
Exploits 0 · References 3

OSV
added 2025/05/01 3:31 a.m. · 15 views

GHSA-7CP4-JW97-3RC2 Duplicate Advisory: @cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4pc9-x2fx-p7vj. This link is maintained to preserve external references. Original Description: The OAuth implementation in workers-oauth-provider that is part of MCP framework...

CVSS 6 · AI score 6.7 · EPSS 0.00268
Exploits 0 · References 2

NVD
added 2025/05/01 1:15 a.m. · 27 views

CVE-2025-4143

The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp, did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: ...

CVSS 6.1 · EPSS 0.00268
Exploits 0 · References 1

NVD
added 2025/05/01 1:15 a.m. · 39 views

CVE-2025-4144

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp. However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...

CVSS 9.8 · EPSS 0.00491
Exploits 0 · References 1

Cvelist
added 2025/05/01 12:19 a.m. · 29 views

CVE-2025-4143 Missing validation of redirect_uri on authorize endpoint

The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp, did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: ...

CVSS 6 · EPSS 0.00268
Exploits 0 · References 1

Positive Technologies
added 2025/05/01 12:0 a.m. · 5 views

PT-2025-18344 · Unknown · Workers-Oauth-Provider

Name of the Vulnerable Software and Affected Versions: workers-oauth-provider affected versions not specified
Description: The OAuth implementation in workers-oauth-provider did not correctly validate that the redirect uri was on the allowed list of redirect URIs for the given client registration...

CVSS 6.1 · AI score 5.9 · EPSS 0.00268
Exploits 0 · References 12

Positive Technologies
added 2025/05/01 12:0 a.m. · 6 views

PT-2025-18345 · Unknown · Workers-Oauth-Provider

Name of the Vulnerable Software and Affected Versions: workers-oauth-provider affected versions not specified
Description: The issue is related to the OAuth implementation in workers-oauth-provider, part of the MCP framework. An attacker could cause the PKCE check to be skipped, completely...

CVSS 9.8 · AI score 5.8 · EPSS 0.00491
Exploits 0 · References 11