Lucene search
K

144 matches found

Vulnrichment
Vulnrichment
added 2025/02/27 1:53 p.m.6 views

CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

8.4CVSS6.3AI score0.00589EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/02/27 1:53 p.m.29 views

CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

8.4CVSS0.00589EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2025/02/27 1:53 p.m.14 views

CVE-2025-27154

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

9.8CVSS6.9AI score0.00589EPSS
Exploits1
FreeBSD
FreeBSD
added 2025/02/27 12:0 a.m.33 views

Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

[email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw-----...

9.8CVSS6.7AI score0.00589EPSS
Exploits1References1
CVE
CVE
added 2024/11/15 4:21 p.m.73 views

CVE-2024-52528

CVE-2024-52528 affects Budget Control Gateway, a gateway component routing requests to Budget Control microservices. The root cause is improper validation of auth tokens, which can let attackers bypass access restrictions. Affects Budget Control Gateway versions prior to 1.5.2; CVSS 4.0 base scor...

9.3CVSS6.5AI score0.00551EPSS
Exploits0References1
OSV
OSV
added 2024/11/15 4:21 p.m.5 views

CVE-2024-52528 Auth Token can be passed dummy or wrong the middleware response is 200 OK

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2...

9.3CVSS6.9AI score0.00551EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/15 4:21 p.m.21 views

CVE-2024-52528 Auth Token can be passed dummy or wrong the middleware response is 200 OK

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2...

9.3CVSS0.00551EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/15 4:21 p.m.17 views

CVE-2024-52528 Auth Token can be passed dummy or wrong the middleware response is 200 OK

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2...

9.3CVSS7.1AI score0.00551EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/09/23 10:10 p.m.13 views

Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

A stored cross-site scripting has been found in the image upload functionality that can be used by normal registered users: It is possible to upload a SVG image containing JavaScript and it's also possible to upload a HTML document when the format parameter is manually changed to documents1 or a...

6.3AI score
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2024/08/07 3:15 p.m.7 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41990 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41990 Source advisory: OSV:PYSEC-2024-68...

7.5CVSS6.7AI score0.01258EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/07/10 5:15 a.m.5 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-38875 via django (>=4.2.0 <=4.2.13)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-38875 Source advisory: OSV:PYSEC-2024-56...

7.5CVSS6.6AI score0.01187EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:40 p.m.4 views

Malicious code in driverless-acquisition-blue-auth-token-validator (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 12:40 p.m.4 views

MAL-2024-2268 Malicious code in driverless-acquisition-blue-auth-token-validator (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/06/06 3:28 p.m.15 views

CVE-2024-37150 Private npm registry support used scope auth token for downloading tarballs

An issue in .npmrc support in Deno 1.44.0 was discovered where Deno would send .npmrc credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. All users relying on .npmrc are potentially affected by this vulnerability if their private...

7.6CVSS7.5AI score0.0042EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/06 3:28 p.m.15 views

CVE-2024-37150 Private npm registry support used scope auth token for downloading tarballs

An issue in .npmrc support in Deno 1.44.0 was discovered where Deno would send .npmrc credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. All users relying on .npmrc are potentially affected by this vulnerability if their private...

7.6CVSS0.0042EPSS
Exploits0References3
Hacker One
Hacker One
added 2024/03/11 10:0 p.m.8 views

Mozilla: sentry Auth Token exposed publicly in docker hub image

The Sentry authentication token was exposed publicly in Docker Hub images belonging to the Taskcluster project. The token was found in the source code of the images and was still active, allowing access to the Sentry API...

7.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/03/06 8:45 p.m.15 views

CVE-2024-27932 Deno's improper suffix match testing for DENO_AUTH_TOKENS

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...

4.6CVSS6.8AI score0.00594EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/03/06 8:45 p.m.41 views

CVE-2024-27932 Deno's improper suffix match testing for DENO_AUTH_TOKENS

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...

4.6CVSS5AI score0.00594EPSS
Exploits1References3
CVE
CVE
added 2024/03/06 8:45 p.m.70 views

CVE-2024-27932

The CVE-2024-27932 issue affects Deno (JavaScript/TypeScript/Wasmtime runtime). The vulnerability arises from an improper check in the import descriptor hostname logic (in the auth_tokens.rs path) where a token hostname is not correctly constrained to its domain, allowing a token intended for exa...

4.6CVSS4.6AI score0.00594EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/01 4:57 p.m.27 views

Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin

Impact SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be...

6.9AI score
Exploits0References4Affected Software1
Rows per page
Query Builder