Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or...
May 23, 2025
A cleartext transmission of sensitive information exists in...
May 23, 2025
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke ...
May 23, 2025
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is pr ...
May 23, 2025
Concrete CMS is vulnerable to CSRF due to the lack of a "State" parameter for the external Concrete authentication service for users of Concrete who use the "out of the box" ...
May 23, 2025
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 C ...
May 23, 2025