Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oauth vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-3632
The OAuth Client by DigitialPixies WordPress plugin up to and including 1.1.0 does not have CSRF checks in some places, which could allow malicious users to make logged-in users perform unwanted actions.
Digitialpixies Oauth Client
9.8
CVSSv3
CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and previous versions does not invalidate the previous session on login.
Jenkins Bitbucket Oauth
5.7
CVSSv3
CVE-2023-24428
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Bitbucket Oauth
6.5
CVSSv3
CVE-2019-10436
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and previous versions allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.
Jenkins Google Oauth Credentials
9.8
CVSSv3
CVE-2022-34149
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
Miniorange Wp Oauth Server
8.8
CVSSv3
CVE-2022-34155
Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a up to and including 6.23.3.
Miniorange Oauth Single Sign On
5.3
CVSSv3
CVE-2022-2133
The OAuth Single Sign On WordPress plugin prior to 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows malicious users to log onto the site with the only knowledge of a user's email address.
Miniorange Oauth Single Sign On
8.1
CVSSv3
CVE-2018-15758
Spring Security OAuth, versions 2.3 before 2.3.4, and 2.2 before 2.2.3, and 2.1 before 2.1.3, and 2.0 before 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the app...
Pivotal Software Spring Security Oauth
6.5
CVSSv3
CVE-2023-1092
The OAuth Single Sign On Free WordPress plugin prior to 6.24.2, OAuth Single Sign On Standard WordPress plugin prior to 28.4.9, OAuth Single Sign On Premium WordPress plugin prior to 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin prior to 48.4.9 do not have CSRF chec...
Miniorange Oauth Single Sign On
6.5
CVSSv3
CVE-2023-1093
The OAuth Single Sign On WordPress plugin prior to 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow malicious users to make logged in admins delete all IdP via a CSRF attack
Miniorange Oauth Single Sign On
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »