OAuth - API Security Blog

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Linuxfoundation Dex

# CVE-2022-39222 Dex is an identity service that uses OpenID Co...Read More ...

December 23, 2022

CVSS3 - MEDIUM

Exploit for Cross-site Scripting in Wp-Oauth Wp Oauth Server

# CVE-2022-3892 The WP OAuth Server (OAuth Authentication) Word...Read More ...

December 23, 2022

CVSS3 - MEDIUM

Exploit for Cross-Site Request Forgery (CSRF) in Wp-Oauth Wp Oauth Server

# CVE-2022-3926 The WP OAuth Server (OAuth Authentication) Word...Read More ...

December 23, 2022

CVSS3 - MEDIUM

CVE-2020-15679

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

December 22, 2022

Exploit for SQL Injection in Logrocket-Oauth2-Example Project Logrocket-Oauth2-Example

# CVE-2022-38488 logrocket-oauth2-example through 2020-05-27 al...Read More ...

December 22, 2022

CVSS3 - CRITICAL

Login with Cognito < 1.4.9 – Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili ...

December 20, 2022

Login with Cognito < 1.4.9 – Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili ...

December 20, 2022

GitHub Announces Free Secret Scanning for All Public Repositories

[![GitHub Secret Scanning](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)]() GitHub on Thursday said it is making available its sec ...

December 16, 2022