Vulnerability search results: 593 matches found

CVE-2025-8077 · NeuVector admin account has insecure default password
Sources: OSV, NVD, Vulnrichment, CVE, Cvelist (all added 2025/09/17)

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

CVSS 9.8 · EPSS 0.0052 · AI score 5.7 (OSV) / 6.7 (Vulnrichment, CVE) · Exploits 0 · References 2
CVE-2025-54391
Source: NVD (added 2025/09/16)

A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configure an additional 2FA method, either a third-party authenticator app or email-based...

CVSS 9.1 · EPSS 0.0058 · Exploits 0 · References 3
CVE-2025-26499
Source: NVD (added 2025/09/11)

Under heavy system utilization, a random race condition can occur during an authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to t...

CVSS 6 · EPSS 0.00127 · Exploits 0 · References 2
Centurion ERP authorization issue vulnerability
Source: CNNVD (added 2025/08/29)

Centurion ERP is an open source management system from No Fuss Computing. An authorization issue exists in Centurion ERP versions prior to 1.12.0 through 1.21.0, stemming from an authentication token that can be viewed without proper authorization, which could lead to information disclosure...

CVSS 4.3 · AI score 6.5 · EPSS 0.00248 · Exploits 0 · References 5
CVE-2025-0086
Source: Vulnrichment (added 2025/08/26)

In onResult of AccountManagerService.java, there is a possible way to overwrite an auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 6.5 · EPSS 0.00124 · Exploits 0 · References 2
CVE-2025-6180 · StrongDM Client authentication hijack
Sources: RedhatCVE (added 2025/08/22), NVD, Vulnrichment, CVE (added 2025/08/20)

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

The CVE entry adds: the impact is described as token-level exposure with elevated risk to con...

CVSS 8.5 · EPSS 0.00135 · AI score 6.6 (RedhatCVE) / 7.3 (Vulnrichment) / 6.7 (CVE) · Exploits 0 · References 1
PT-2025-34123 · Strongdm · Strongdm Client
Source: Positive Technologies (added 2025/08/20)

Name of the vulnerable software and affected versions: StrongDM Client, affected versions not specified. Description: The StrongDM Client did not adequately protect a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication...

CVSS 8.5 · AI score 6.3 · EPSS 0.00135 · Exploits 0 · References 5
Malicious code in auth-jwt-csrf-kinetic (npm)
Source: OSSF Malicious Packages (added 2025/08/14)

The package auth-jwt-csrf-kinetic was found to contain malicious code...

AI score 7 · Exploits 0
Malicious code in asdqweasdregistry-auth-token (npm)
Source: OSSF Malicious Packages (added 2025/07/31)

AI score 7 · Exploits 0
GHSA-X9HG-5Q6G-Q3JR · Ollama vulnerable to Cross-Domain Token Exposure
Sources: OSV, GitHub Security Blog (both added 2025/07/22)

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

CVSS 6.9 · EPSS 0.03837 · AI score 6.5 (OSV) / 7.4 (GitHub) · Exploits 2 · References 6 (OSV) / 7 (GitHub) · Affected Software 1 (GitHub)
CVE-2025-51471
Source: RedhatCVE (added 2025/07/22)

A domain validation flaw has been discovered in Ollama. When a user attempts to download a model and the server responds with an HTTP 401 status code, Ollama follows the WWW-Authenticate header's realm URL without validating whether it belongs to the same domain as the original...

CVSS 6.9 · AI score 7.2 · EPSS 0.03837 · Exploits 2 · References 2
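The two Ollama entries above describe the same mechanism: a registry answers a pull with 401 and a WWW-Authenticate challenge, and the client fetches its token from whatever realm URL the challenge names. The Go program below is an added example written for this page, not Ollama's own code, that contrasts following the realm unchecked with requiring it to share scheme and host with the registry that issued the challenge. The header parser, the registry and attacker host names, and the challenge strings are all constructed here for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// splitChallengeParams splits a Bearer challenge's parameter list on commas
// that are not inside double quotes, so a scope like
// "repository:x:pull,push" is kept as one value.
func splitChallengeParams(s string) []string {
	var parts []string
	var cur strings.Builder
	inQuote := false
	for _, r := range s {
		switch {
		case r == '"':
			inQuote = !inQuote
			cur.WriteRune(r)
		case r == ',' && !inQuote:
			parts = append(parts, cur.String())
			cur.Reset()
		default:
			cur.WriteRune(r)
		}
	}
	if cur.Len() > 0 {
		parts = append(parts, cur.String())
	}
	return parts
}

// parseWWWAuthenticate reads a challenge such as
//   Bearer realm="https://reg.example/token",service="reg.example",scope="..."
// into a map keyed by lower-cased parameter name. Minimal parser for this example.
func parseWWWAuthenticate(header string) (map[string]string, error) {
	scheme, rest, ok := strings.Cut(strings.TrimSpace(header), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") {
		return nil, errors.New("not a Bearer challenge")
	}
	params := make(map[string]string)
	for _, kv := range splitChallengeParams(rest) {
		k, v, ok := strings.Cut(strings.TrimSpace(kv), "=")
		if !ok || k == "" {
			return nil, fmt.Errorf("malformed challenge parameter %q", kv)
		}
		params[strings.ToLower(strings.TrimSpace(k))] = strings.Trim(strings.TrimSpace(v), `"`)
	}
	if params["realm"] == "" {
		return nil, errors.New("challenge has no realm")
	}
	return params, nil
}

// tokenEndpointUnchecked mirrors the behaviour the advisories describe for
// Ollama 0.6.7: the realm from the 401 is used verbatim, so whoever controls
// (or can spoof) the registry response chooses where credentials are sent.
func tokenEndpointUnchecked(challenge string) (*url.URL, error) {
	p, err := parseWWWAuthenticate(challenge)
	if err != nil {
		return nil, err
	}
	return url.Parse(p["realm"])
}

// tokenEndpointSameOrigin is the hardened form: the realm must be an absolute
// http(s) URL with the same scheme and host as the registry that sent the 401.
// Assumption for this example: the token service lives on the registry host.
func tokenEndpointSameOrigin(registryURL, challenge string) (*url.URL, error) {
	reg, err := url.Parse(registryURL)
	if err != nil {
		return nil, err
	}
	if reg.Hostname() == "" {
		return nil, errors.New("registry URL has no host")
	}
	p, err := parseWWWAuthenticate(challenge)
	if err != nil {
		return nil, err
	}
	realm, err := url.Parse(p["realm"])
	if err != nil {
		return nil, err
	}
	if realm.Scheme != reg.Scheme || (realm.Scheme != "https" && realm.Scheme != "http") {
		return nil, fmt.Errorf("realm scheme %q does not match registry scheme %q", realm.Scheme, reg.Scheme)
	}
	if !strings.EqualFold(realm.Hostname(), reg.Hostname()) {
		return nil, fmt.Errorf("realm host %q is not the registry host %q", realm.Hostname(), reg.Hostname())
	}
	return realm, nil
}

func main() {
	// Constructed inputs: a manifest pull and the challenge a malicious registry could return.
	registry := "https://registry.example.test/v2/library/llama/manifests/latest"
	malicious := `Bearer realm="https://attacker.example.test/token",service="registry.example.test",scope="repository:library/llama:pull"`

	if u, err := tokenEndpointUnchecked(malicious); err == nil {
		fmt.Println("unchecked client would send credentials to:", u.Host)
	}
	if _, err := tokenEndpointSameOrigin(registry, malicious); err != nil {
		fmt.Println("same-origin check rejected challenge:", err)
	}
}
```

The same-origin rule is deliberately strict (exact host match, no scheme downgrade); a deployment whose token service legitimately lives on another host would replace it with an explicit allow-list rather than fall back to trusting the header.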
GHSA-C5QX-P38X-QF5W · RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
Source: OSV (added 2025/07/21)

Summary: Log output includes an authentication token that provides full account access. Details: The post-job action prints the contents of config/config.vdf, which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...

CVSS 8.7 · AI score 6.8 · Exploits 0 · References 3