Vulnerabilities > Cloudflare
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-01 | CVE-2025-4143 | Open Redirect vulnerability in Cloudflare Workers-Oauth-Provider 0.0.5 The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/26 https://github.com/cloudflare/workers-oauth-provider/pull/26 Impact: Under certain circumstances (see below), if a victim had previously authorized with a server built on workers-oath-provider, and an attacker could later trick the victim into visiting a malicious web site, then attacker could potentially steal the victim's credentials to the same OAuth server and subsequently impersonate them. In order for the attack to be possible, the OAuth server's authorized callback must be designed to auto-approve authorizations that appear to come from an OAuth client that the victim has authorized previously. | 6.1 |
| 2025-05-01 | CVE-2025-4144 | Unspecified vulnerability in Cloudflare Workers-Oauth-Provider 0.0.5 PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . | 9.8 |
| 2024-01-29 | CVE-2024-0212 | Unspecified vulnerability in Cloudflare The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. | 6.5 |
| 2024-01-04 | CVE-2023-6992 | Out-of-bounds Write vulnerability in Cloudflare Zlib Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). | 5.5 |
| 2023-12-29 | CVE-2023-7078 | Server-Side Request Forgery (SSRF) vulnerability in Cloudflare Miniflare 3.20230821.0 Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. | 8.1 |
| 2023-12-29 | CVE-2023-7079 | Improper Authentication vulnerability in Cloudflare Wrangler Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. | 5.7 |
| 2023-12-29 | CVE-2023-7080 | Unspecified vulnerability in Cloudflare Wrangler The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. low complexity cloudflare | 8.0 |
| 2023-12-12 | CVE-2023-6193 | Resource Exhaustion vulnerability in Cloudflare Quiche quiche v. | 5.3 |
| 2023-12-05 | CVE-2023-6180 | Memory Leak vulnerability in Cloudflare Boring 4.0.0 The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. | 5.3 |
| 2023-09-07 | CVE-2023-3747 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Cloudflare Warp 6.29 Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. | 5.5 |