
592 matches found

Vulnrichment
added 2025/11/25 12:00 a.m., 5 views

CVE-2025-9803 Improper Authentication in lunary-ai/lunary

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

CVSS 9.3, AI score 6.9, EPSS 0.00417
Exploits 2, References 2
Snyk
added 2025/11/13 10:34 p.m., 5 views

Improper Authorization

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID...

CVSS 8.8, AI score 6.8, EPSS 0.00376
Exploits 1, References 2
OSV
added 2025/11/10 9:51 p.m., 5 views

CVE-2025-64504 Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs

Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1, in certain project membership APIs, the server trusted a user‑controlled orgId and used it in authorization checks. As a result, any authenticated user on th...

CVSS 5, AI score 6.5, EPSS 0.00297
Exploits 0, References 8
Cvelist
added 2025/11/05 9:20 p.m., 5 views

CVE-2025-12779

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract...

CVSS 8.8, EPSS 0.002
Exploits 0, References 2
Vulnrichment
added 2025/11/05 9:20 p.m., 1 view

CVE-2025-12779

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract...

CVSS 8.8, AI score 6.3, EPSS 0.002
Exploits 0, References 2
CVE
added 2025/11/05 9:20 p.m., 16 views

CVE-2025-12779

The CVE-2025-12779 issue affects the Amazon WorkSpaces client for Linux (versions 2023.0 through 2024.8). The vulnerability arises from improper handling of the authentication token, which may allow a local user to expose another local user’s DCV-based WorkSpaces token from a shared client machin...

CVSS 8.8, AI score 6.3, EPSS 0.002
Exploits 0, References 2
CNNVD
added 2025/11/05 12:00 a.m., 3 views

Amazon WorkSpaces Security Vulnerability

Amazon WorkSpaces is a fully managed persistent desktop virtualization service from Amazon.com, Inc. that lets your users access the data, applications, and resources they need anytime, anywhere, from any supported device. A security vulnerability exists in Amazon WorkSpaces version 2024.8 and...

CVSS 8.8, AI score 7.5, EPSS 0.002
Exploits 0, References 2
EUVD
added 2025/11/03 8:2 a.m., 7 views

EUVD-2025-37478

A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component Authentication Toke...

CVSS 3.1, AI score 6.2, EPSS 0.00314
Exploits 0, References 5
CVE
added 2025/11/03 8:2 a.m., 13 views

CVE-2025-12623

CVE-2025-12623 affects the fushengqian fuint system, specifically the code path in fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java (Authentication Token Handler). The Red Hat/NVD entries describe an authorization bypass that can be triggered remotel...

CVSS 3.1, AI score 6.3, EPSS 0.00314
Exploits 0, References 4
Cvelist
added 2025/11/03 8:2 a.m., 12 views

CVE-2025-12623 fushengqian fuint Authentication Token ClientSignController.java authorization

A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component Authentication Toke...

CVSS 3.1, EPSS 0.00314
Exploits 0, References 4
CVE
added 2025/10/31 1:5 p.m., 13 views

CVE-2025-36249

IBM Jazz for Service Management versions 1.1.3.0–1.1.3.25 do not set the Secure attribute on authorization tokens or session cookies, enabling potential cookie theft via http links or injected sites. Remediation per IBM/Red Hat entries: upgrade to JazzSM 1.1.3.26 (1.1.3-TIV-JazzSM-multi-FP026). A...

CVSS 5.3, AI score 6.1, EPSS 0.00143
Exploits 0, References 1, Affected Software 1
OSV
added 2025/10/30 10:15 p.m., 3 views

CVE-2024-13999

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server's AD/LDAP token could allow domain-wide authentication misuse, escalation of privileges, or further compromi...

CVSS 9.8, AI score 5.8, EPSS 0.01794
Exploits 0, References 3
Positive Technologies
added 2025/10/30 12:00 a.m., 4 views

PT-2025-44424

Name of the Vulnerable Software and Affected Versions: 2nd Line Android App versions v1.2.92 and earlier. Description: The 2nd Line Android App has an issue with how it controls access during authentication. The server only checks the first character of the user token, which allows attackers to gues...

CVSS 7.5, AI score 6.3, EPSS 0.00327
Exploits 0, References 3
RedhatCVE
added 2025/10/28 12:27 a.m., 6 views

CVE-2025-60425

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...

CVSS 8.6, AI score 7, EPSS 0.00935
Exploits 0, References 1
CNNVD
added 2025/10/23 12:00 a.m., 4 views

Oxford Nanopore Technologies MinKNOW Security Vulnerability

Oxford Nanopore Technologies MinKNOW is a data acquisition control and monitoring software from Oxford Nanopore Technologies, UK. A security vulnerability exists in Oxford Nanopore Technologies MinKNOW versions prior to 24.11, which stems from an authentication token stored in the system temporar...

CVSS 7.8, AI score 6.6, EPSS 0.00155
Exploits 0, References 4
Cvelist
added 2025/10/16 10:43 a.m., 10 views

CVE-2025-3930 Lack of JWT Expiration after Log Out in Strapi

Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date, which is set to 30 days by default but can be changed. The existence...

CVSS 6.3, EPSS 0.00641
Exploits 0, References 4
RedhatCVE
added 2025/10/14 9:50 p.m., 5 views

CVE-2025-62176

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...

CVSS 4.3, AI score 6.9, EPSS 0.00254
Exploits 0, References 1
RedhatCVE
added 2025/10/13 9:29 p.m., 6 views

CVE-2025-11645

A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical...

CVSS 2.4, AI score 5.9, EPSS 0.00204
Exploits 0, References 1
NVD
added 2025/10/13 9:15 p.m., 5 views

CVE-2025-62176

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...

CVSS 4.3, EPSS 0.00254
Exploits 0, References 2
CNNVD
added 2025/10/13 12:00 a.m., 4 views

Mastodon Security Vulnerability

Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions prior to 4.4.6, prior to 4.3.14, and prior to 4.2.27, which stems from an event where the stream server accepts service for a public timeline usin...

CVSS 4.3, AI score 6.6, EPSS 0.00254
Exploits 0, References 3