Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly tr ...
Continue Reading
May 23, 2025
authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven' ...
Continue Reading
May 23, 2025
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been ...
Continue Reading
May 23, 2025
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed a ...
Continue Reading
May 23, 2025
authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven' ...
Continue Reading
May 23, 2025
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been ...
Continue Reading
May 23, 2025
In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing t ...
Continue Reading
May 23, 2025
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application...Read More ...
Continue Reading
May 23, 2025
Back to Main
