Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oauth vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2016-3098
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and previous versions allows remote malicious users to hijack the user's OAuth autorization code.
Thoughtbot Administrate
383
VMScore
CVE-2014-7922
The GoogleAuthUtil.getToken method in the Google Play services SDK prior to 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows malicious users to bypass an intended consent dialog and retrieve toke...
Google Play Services Sdk
445
VMScore
CVE-2021-31555
An issue exists in the Oauth extension for MediaWiki up to and including 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.
383
VMScore
CVE-2017-14193
The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
Finecms Project Finecms 5.0.11
383
VMScore
CVE-2017-18877
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
NA
CVE-2024-4540
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly ...
445
VMScore
CVE-2017-18905
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
Mattermost Mattermost Server
445
VMScore
CVE-2020-13312
A vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.
Gitlab Gitlab
383
VMScore
CVE-2019-7661
An issue exists in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.
Phpmywind Phpmywind
445
VMScore
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module prior to 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote mali...
Openidc Mod Auth Openidc
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »