Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
CVE-2023-27163 PoC Exploit Code This Python script is a Proof...
CVE-2025-5409
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the...
CVE-2025-5409 Mist Community Edition API Token views.py create_token access control
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the...
CVE-2025-5409
Mist Community Edition up to 4.7.1 contains a vulnerability in the API Token Handler’s create_token function (src/mist/api/auth/views.py) that enables improper access controls. The issue allows remote initiation of an attack and has publicly disclosed exploits. Upgrading to version 4.7.2 addresse...
PT-2025-23436 · Unknown · Mist Community Edition
Name of the Vulnerable Software and Affected Versions: Mist Community Edition versions up to 4.7.1 Description: A critical issue has been found, affecting the create token function of the API Token Handler component. This leads to improper access controls, allowing remote attacks. The issue has...
CVE-2024-48951
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass...
CVE-2024-53253
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...
CVE-2024-11669
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes...
CVE-2023-36620
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...
CVE-2021-27024
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0...
CVE-2019-17375
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517)...
CVE-2019-1003045
A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration...
CVE-2025-4646
Improper Privilege Management vulnerability in Centreon web API Token creation form modules allows Privilege Escalation. This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4...
CVE-2025-4646
Incorrect Authorization vulnerability in Centreon web API Token creation form modules allows Privilege Escalation. This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4...
CVE-2025-4646
Centreon Web (API Token creation form modules) is affected by CVE-2025-4646: an Improper Privilege Management vulnerability that can enable privilege escalation. The issue exists in Centreon Web versions 24.04.0 up to, but not including, 24.04.10 and 24.10.0 up to, but not including, 24.10.4. Roo...
CVE-2025-4646 A high privilege user is able to create and use a valid admin API token in centreon-web
Incorrect Authorization vulnerability in Centreon web API Token creation form modules allows Privilege Escalation. This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4...
CVE-2025-47730
The TeleMessage archiving backend (versions through 2025-05-05) is affected by an authentication-side flaw where the API endpoint used to request an authentication token accepts calls from the TM SGNL (Archive Signal) app using hardcoded credentials (user: logfile, password: enRR8UVVywXYbFkqU#QDP...
CVE-2025-28059
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...