Lucene search
+L

149 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.20 views

EUVD-2022-4547

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.03965EPSS
Exploits0References17
osv
osv
added 2025/08/26 11:15 p.m.4 views

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2CVSS5.9AI score0.00124EPSS
Exploits0References2
cve
cve
added 2025/08/26 10:48 p.m.77 views

CVE-2025-0086

Technical details such as affected products, versions, root cause, or remediation for CVE-2025-0086 are not publicly provided in the connected documents. Monitor for updates.

6.2CVSS6AI score0.00124EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-27154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, t...

9.8CVSS7AI score0.00589EPSS
Exploits1References2
susecve
susecve
added 2025/08/04 11:25 p.m.4 views

SUSE CVE-2025-6624

Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...

7.2CVSS7.1AI score0.00151EPSS
Exploits0References2
ossf
ossf
added 2025/07/31 7:24 p.m.4 views

Malicious code in asdqweasdregistry-auth-token (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
cvelist
cvelist
added 2025/07/17 2:40 p.m.16 views

CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

6.9CVSS0.00411EPSS
Exploits0References1
cve
cve
added 2025/07/17 2:40 p.m.23 views

CVE-2025-54064

CVE-2025-54064 affects Rucio helm charts for rucio-server, rucio-ui, and rucio-webui. The Apache access-log format includes the X-Rucio-Auth-Token header (which may contain Internal Rucio tokens or JWTs), potentially exposing credentials in log lines. Affected versions and patches: rucio-server 3...

6.9CVSS6.5AI score0.00411EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/07/17 12:0 a.m.6 views

Rucio Helm Charts 日志信息泄露漏洞

Rucio Helm Charts is a library for Rucio in the rucio open source. Rucio Helm Charts suffers from a log message disclosure vulnerability that stems from logging X-Rucio-Auth-Token, which could lead to credential disclosure...

6.9CVSS6.4AI score0.00411EPSS
Exploits0References1
osv
osv
added 2025/06/04 5:15 a.m.10 views

CVE-2025-20987

Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a authtoken...

6.7CVSS5.8AI score0.00124EPSS
Exploits0References1
cvelist
cvelist
added 2025/06/04 4:56 a.m.23 views

CVE-2025-20987

Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a authtoken...

5.2CVSS0.00124EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/06/04 12:0 a.m.12 views

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung cell phone applications. A security vulnerability exists in versions prior to SAMSUNG SMR May-2025 Release 1, which stems from improper access control and could allow a locally...

6.7CVSS6.2AI score0.00124EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 10:42 a.m.10 views

CVE-2024-52528

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2...

9.3CVSS6.9AI score0.00551EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/03/12 12:0 a.m.11 views

PT-2025-11063 · Google · Android

Name of the Vulnerable Software and Affected Versions: AccountManagerService affected versions not specified Description: A flaw exists in the onResult function of AccountManagerService.java due to a missing permission check. This could allow overwriting of an authentication token, potentially...

6.2CVSS6.1AI score0.00124EPSS
Exploits0References6
vulnersosv
vulnersosv
added 2025/03/06 7:15 p.m.4 views

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +107 more potentially affected by CVE-2025-26699 via django (>=4.2.0 <=4.2.2)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.4.3 and more Source cves: CVE-2025-26699 Source advisory: OSV:PYSEC-2025-13...

7.5CVSS7AI score0.00766EPSS
Exploits0
nessus
nessus
added 2025/03/06 12:0 a.m.4 views

FreeBSD : Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions (475d1968-f99d-11ef-b382-b0416f0c4c67)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 475d1968-f99d-11ef-b382-b0416f0c4c67 advisory. [email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References3
veracode
veracode
added 2025/03/05 10:4 a.m.7 views

Improper File Permissions

spotipy is vulnerable to Improper File Permissions. The vulnerability is due to insecure default file permissions that allow unauthorized users to read the Spotify auth token...

9.8CVSS6.9AI score0.00589EPSS
Exploits1References6Affected Software1
susecve
susecve
added 2025/03/01 2:51 a.m.6 views

SUSE CVE-2025-27154

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References3
osv
osv
added 2025/03/01 12:0 a.m.25 views

ASB-A-364269936

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2CVSS6.5AI score0.00124EPSS
Exploits0References2
osv
osv
added 2025/02/28 2:34 a.m.1 views

GHSA-PWHH-Q4H6-W599 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Summary The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cachehandler.pyL93-L98 The file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. I think 600 is ...

8.4CVSS6.9AI score0.00589EPSS
Exploits1References6
Rows per page
Query Builder