593 matches found

RedhatCVE
added 2025/05/22 4:54 p.m., 8 views

CVE-2020-9482

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...

CVSS 6.5, AI score 7, EPSS 0.02607
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 3:32 p.m., 11 views

CVE-2020-35229

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers with access to network traffic to effectively gain administrative privileges...

CVSS 8.8, AI score 7.7, EPSS 0.00751
Exploits: 0
RedhatCVE
added 2025/05/22 6:22 a.m., 15 views

CVE-2018-16495

In VOS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap...

CVSS 8.8, AI score 7.1, EPSS 0.00911
Exploits: 0, References: 1
Tenable Nessus
added 2025/05/21 12:0 a.m., 4 views

Zyxel USG FLEX H Series Firewall < 1.30 Privilege Escalation

Firmware version of the Zyxel USG is less than uOS 1.30. This means the Zyxel device is vulnerable to a privilege escalation vulnerability. The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series firewalls could allow an authenticated local attacker to...

CVSS 7.8, AI score 5.5, EPSS 0.00154
Exploits: 0, References: 2
RedhatCVE
added 2025/05/10 12:20 a.m., 17 views

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

CVSS 4.8, AI score 7.3, EPSS 0.00323
Exploits: 0, References: 1
NVD
added 2025/05/08 2:15 p.m., 39 views

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

CVSS 7.5, EPSS 0.00323
Exploits: 0, References: 4
Cvelist
added 2025/05/08 12:0 a.m., 27 views

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

CVSS 4.8, EPSS 0.00323
Exploits: 0, References: 4
Vulnrichment
added 2025/05/08 12:0 a.m., 7 views

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

CVSS 4.8, AI score 5.4, EPSS 0.00323
Exploits: 0, References: 4
Hacker One
added 2025/04/07 9:59 p.m., 215 views

hostinger : 1 Click Account Takeover via Auth Token Theft on marketing.hostinger.com

The vulnerability discovered in the marketing.hostinger.com subdomain allowed for one-click account takeover through the theft of authentication tokens. An attacker could exploit the whitelisted redirect functionality of the subdomain to steal a victim's authentication token, which could then be...

AI score 7.4
Exploits: 0
NVD
added 2025/03/27 3:15 p.m., 20 views

CVE-2025-1998

IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user...

CVSS 5.5, EPSS 0.00163
Exploits: 0, References: 1
CVE
added 2025/03/27 2:41 p.m., 64 views

CVE-2025-1998

CVE-2025-1998 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy. The vulnerability stems from storing potentially sensitive authentication token information in log files, which could be read by a local user. Affected product versions include UCD 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, ...

CVSS 5.5, AI score 6.3, EPSS 0.00163
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2025/03/27 5:3 a.m., 30 views

CVE-2025-0273 HCL DevOps Deploy / HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability

HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user...

CVSS 5.5, EPSS 0.00145
Exploits: 0, References: 1
Vulnrichment
added 2025/03/27 5:3 a.m., 6 views

CVE-2025-0273 HCL DevOps Deploy / HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability

HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user...

CVSS 5.5, AI score 5.4, EPSS 0.00145
Exploits: 0, References: 1
NVD
added 2025/03/24 4:15 p.m., 15 views

CVE-2021-26091

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users' authentication tokens and reset thei...

CVSS 7.5, EPSS 0.00294
Exploits: 0, References: 1
NVD
added 2025/03/12 3:15 p.m., 7 views

CVE-2025-27914

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

CVSS 5.4, EPSS 0.00256
Exploits: 0, References: 2
OSV
added 2025/02/28 3:32 p.m., 6 views

OESA-2025-1186 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...

CVSS 8.7, AI score 6.7, EPSS 0.68603
Exploits: 0, References: 10
Debian CVE
added 2025/02/27 2:12 a.m., 6 views

CVE-2025-21737

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_mds_auth_match. We now free the temporary target path substring allocation on every possible branch, instead of omitting the default branch. In some cases, a memory leak occurred, which could rapidly cras...

CVSS 5.5, AI score 5.7, EPSS 0.00191
Exploits: 0
CVE
added 2025/02/27 2:12 a.m., 69 views

CVE-2025-21737

CVE-2025-21737: Linux kernel memory-leak in ceph_mds_auth_match fixed by freeing the temporary target path substring allocation on all branches; leak could trigger memory growth and kernel OOM. Connected docs corroborate the fix in ceph_mds_auth_match and the impact described in production. No ad...

CVSS 5.5, AI score 6.4, EPSS 0.00191
Exploits: 0, References: 3, Affected Software: 1
RedHat Linux
added 2025/02/19 10:31 a.m., 3 views

krb5: GSS message token handling

A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper...

CVSS 9.1, AI score 7.2, EPSS 0.01863
Exploits: 0, References: 6
CNNVD
added 2025/02/18 12:0 a.m., 4 views

Webkul QloApps security vulnerability

Webkul QloApps is a hotel reservation management software from Webkul. A security vulnerability exists in Webkul QloApps v1.6.1, which stems from exposing an authentication token in the URL. An attacker can exploit the vulnerability to obtain sensitive information...

CVSS 4.2, AI score 6.6, EPSS 0.00205
Exploits: 1, References: 2