In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port o ...
Continue Reading
May 23, 2025
A cleartext storage of sensitive information exists in...Read More ...
Continue Reading
May 23, 2025
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log acce ...
Continue Reading
May 23, 2025
A cleartext storage of sensitive information exists in...Read More ...
Continue Reading
May 23, 2025
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This ari ...
Continue Reading
May 23, 2025
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitabl ...
Continue Reading
May 23, 2025
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizi ...
Continue Reading
May 23, 2025
A cleartext storage of sensitive information exists in...Read More ...
Continue Reading
May 23, 2025
Back to Main
