Vulmon
oauth vulnerabilities and exploits
CVE-2024-21495 (VMScore: NA)
Versions of the package github.com/greenpau/caddy-security prior to 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable n...

CVE-2022-28133 (VMScore: 312)
Jenkins Bitbucket Server Integration Plugin 3.1.0 and previous versions do not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Bitbucket Server consumers.
Affected product: Jenkins Bitbucket Server Integration

CVE-2021-23927 (VMScore: 490)
OX App Suite up to and including 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Affected product: Open-Xchange App Suite

CVE-2017-8304 (VMScore: 383)
An issue exists on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
Affected product: Accellion File Transfer Appliance

CVE-2016-3098 (VMScore: NA)
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and previous versions allows remote malicious users to hijack the user's OAuth authorization code.
Affected product: Thoughtbot Administrate

CVE-2023-27891 (VMScore: NA)
rami.io pretix prior to 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.
Affected products: Rami Pretix 4.16.0, Rami Pretix 4.17.0, Rami Pretix

CVE-2022-32217 (VMScore: NA)
A cleartext storage of sensitive information exists in Rocket.Chat before v4.6.4 due to the OAuth token being leaked in plaintext in Rocket.Chat logs.
Affected product: Rocket.Chat

CVE-2020-13292 (VMScore: 490)
In GitLab prior to 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass the e-mail verification that is required for the OAuth flow.
Affected product: GitLab

CVE-2021-31555 (VMScore: 445)
An issue exists in the OAuth extension for MediaWiki up to and including 1.35.2. It did not validate the length of the oarc_version (aka oauth_registered_consumer.oarc_version) parameter.

CVE-2017-14193 (VMScore: 383)
The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
Affected product: FineCms 5.0.11