Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oauth vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-2133
The OAuth Single Sign On WordPress plugin prior to 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows malicious users to log onto the site with the only knowledge of a user's email address.
Miniorange Oauth Single Sign On
670
VMScore
CVE-2018-1260
Spring Security OAuth, versions 2.3 before 2.3.3, 2.2 before 2.2.2, 2.1 before 2.1.2, 2.0 before 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint tha...
Pivotal Software Spring Security Oauth
312
VMScore
CVE-2021-22573
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token wil...
Google Oauth Client Library For Java
1 Github repository
NA
CVE-2023-25042
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions.
Stormconsultancy Oauth Twitter Feed For Developers
570
VMScore
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that w...
Google Oauth Client Library For Java
NA
CVE-2022-34858
Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.
Miniorange Oauth 2.0 Client For Sso
383
VMScore
CVE-2021-30650
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote malicious user to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successfu...
Broadcom Layer7 Api Management Oauth Toolkit
357
VMScore
CVE-2022-22969
<Issue Description> Spring Security OAuth versions 2.5.x before 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send...
Pivotal Spring Security Oauth
Oracle Communications Design Studio 7.4.2
646
VMScore
CVE-2019-3778
Spring Security OAuth, versions 2.3 before 2.3.5, and 2.2 before 2.2.4, and 2.1 before 2.1.4, and 2.0 before 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a requ...
Pivotal Software Spring Security Oauth
Oracle Banking Corporate Lending 14.1.0
Oracle Banking Corporate Lending 14.3.0
Oracle Banking Corporate Lending 14.4.0
1 EDB exploit
2 Github repositories
585
VMScore
CVE-2019-11269
Spring Security OAuth versions 2.3 before 2.3.6, 2.2 before 2.2.5, 2.1 before 2.1.5, and 2.0 before 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a reques...
Pivotal Software Spring Security Oauth
Oracle Banking Corporate Lending 14.1.0
Oracle Banking Corporate Lending 14.3.0
Oracle Banking Corporate Lending 14.4.0
1 EDB exploit
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »