Vulmon
oauth vulnerabilities and exploits
8.7
CVSSv3
CVE-2017-18111
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth a...
Atlassian Application Links
NA
CVE-2024-21495
Versions of the package github.com/greenpau/caddy-security prior to 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable n...
7.5
CVSSv3
CVE-2023-27891
rami.io pretix prior to 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.
Rami Pretix 4.16.0
Rami Pretix 4.17.0
Rami Pretix
6.4
CVSSv3
CVE-2021-23927
OX App Suite up to and including 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Open-xchange Open-xchange Appsuite
9.6
CVSSv3
CVE-2020-13292
In GitLab prior to 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.
Gitlab Gitlab
5.3
CVSSv3
CVE-2022-32217
Cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to the OAuth token being leaked in plaintext in Rocket.Chat logs.
Rocket.chat Rocket.chat
6.1
CVSSv3
CVE-2017-8304
An issue exists on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
Accellion File Transfer Appliance
5.4
CVSSv3
CVE-2016-3098
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and previous versions allows remote malicious users to hijack the user's OAuth authorization code.
Thoughtbot Administrate
NA
CVE-2014-7922
The GoogleAuthUtil.getToken method in the Google Play services SDK prior to 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows malicious users to bypass an intended consent dialog and retrieve toke...
Google Play Services Sdk
7.5
CVSSv3
CVE-2021-31555
An issue exists in the OAuth extension for MediaWiki up to and including 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.