OAuth - CVE CyberSecurity Database News

Mar 31, 2025 OAuth

CVE-2025-31123 - ZITADEL Expired JWT Key Vulnerability Allowing Unauthorized Access Tokens

ZITADEL is an open-source identity infrastructure software that allows organizations to manage their user accounts, authentication, and authorization. Its self-contained server provides APIs and UI

Feb 27, 2025 API OAuth

CVE-2024-2321 - Unauthorized API Access in Multiple WSO2 Products: Risks and Exploitations

WSO2 is a widely used open-source technology aimed at providing an API-driven, cloud-native integration platform to power modern businesses. A critical vulnerability, identified as CVE-2024-2321,

Feb 25, 2025 API Exploit OAuth

CVE-2024-12368: Unauthorized Access to OAuth Tokens in Odoo Community 15. and Odoo Enterprise 15.

In the world of web applications, security vulnerabilities can be a major concern for both developers and users. In the case of Odoo, a widely

Feb 20, 2025 Exploit GraphQL gRPC OAuth

CVE-2025-27097 - GraphQL Mesh Security Vulnerability: Potential Memory Leak and Token Reuse

GraphQL Mesh is a widely-used GraphQL Federation framework and gateway that is designed to work seamlessly with various subgraphs, non-GraphQL services, and databases such as

Feb 18, 2025 OAuth

CVE-2025-26620 - Duende.AccessTokenManagement Race Condition Impacts Select Users

Summary: Duende.AccessTokenManagement, a set of .NET libraries that manage OAuth and OpenId Connect access tokens, has a race condition in client credentials flow leading