Tag
high
advisory
Laravel Passport Authentication Bypass Vulnerability (CVE-2026-39976)
2 rules, 1 TTP, 1 CVE
Laravel Passport versions 13.0.0 before 13.7.1 contain an authentication bypass vulnerability (CVE-2026-39976) where machine-to-machine tokens can authenticate as a real user due to improper validation of the JWT sub claim.
cve-2026-39976
laravel
oauth2
authentication bypass
high
advisory
XenForo OAuth2 Unauthorized Scope Request Vulnerability
2 rules, 1 TTP, 1 CVE, 2 IOCs
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes, potentially allowing client applications to gain access beyond their intended authorization level due to improper authorization checks.
cve-2025-71278
oauth2
xenforo
incorrect-authorization