149 matches found
EUVD-2022-4547
Malicious code in bioql PyPI...
CVE-2025-0086
In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0086
Technical details such as affected products, versions, root cause, or remediation for CVE-2025-0086 are not publicly provided in the connected documents. Monitor for updates.
Linux Distros Unpatched Vulnerability : CVE-2025-27154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, t...
SUSE CVE-2025-6624
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
Malicious code in asdqweasdregistry-auth-token (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...
CVE-2025-54064
CVE-2025-54064 affects Rucio helm charts for rucio-server, rucio-ui, and rucio-webui. The Apache access-log format includes the X-Rucio-Auth-Token header (which may contain Internal Rucio tokens or JWTs), potentially exposing credentials in log lines. Affected versions and patches: rucio-server 3...
Rucio Helm Charts 日志信息泄露漏洞
Rucio Helm Charts is a library for Rucio in the rucio open source. Rucio Helm Charts suffers from a log message disclosure vulnerability that stems from logging X-Rucio-Auth-Token, which could lead to credential disclosure...
CVE-2025-20987
Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a authtoken...
CVE-2025-20987
Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a authtoken...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung cell phone applications. A security vulnerability exists in versions prior to SAMSUNG SMR May-2025 Release 1, which stems from improper access control and could allow a locally...
CVE-2024-52528
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2...
PT-2025-11063 · Google · Android
Name of the Vulnerable Software and Affected Versions: AccountManagerService affected versions not specified Description: A flaw exists in the onResult function of AccountManagerService.java due to a missing permission check. This could allow overwriting of an authentication token, potentially...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +107 more potentially affected by CVE-2025-26699 via django (>=4.2.0 <=4.2.2)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.4.3 and more Source cves: CVE-2025-26699 Source advisory: OSV:PYSEC-2025-13...
FreeBSD : Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions (475d1968-f99d-11ef-b382-b0416f0c4c67)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 475d1968-f99d-11ef-b382-b0416f0c4c67 advisory. [email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API...
Improper File Permissions
spotipy is vulnerable to Improper File Permissions. The vulnerability is due to insecure default file permissions that allow unauthorized users to read the Spotify auth token...
SUSE CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
ASB-A-364269936
In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-PWHH-Q4H6-W599 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Summary The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cachehandler.pyL93-L98 The file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. I think 600 is ...