Lucene search
+L

178 matches found

CVE
CVE
added 2026/02/18 8:37 p.m.13 views

CVE-2026-0573

CVE-2026-0573 affects GitHub Enterprise Server. The repository_pages API insecurely follows HTTP redirects when fetching artifact URLs, preserving the Authorization header containing a privileged JWT. An authenticated user could redirect requests to an attacker-controlled domain, exfiltrate the A...

9CVSS6.2AI score0.00645EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20495

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.19 GitHub Enterprise Server versions 3.19.2 GitHub Enterprise Server versions 3.18.4 GitHub Enterprise Server versions 3.17.10 GitHub Enterprise Server versions 3.16.13 GitHub Enterprise Server...

9CVSS6.1AI score0.00645EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.8 views

WordPress plugin Zarinpal Gateway for WooCommerce 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.7CVSS5.8AI score0.00296EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.16 views

CVE-2021-22209

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...

7.5CVSS6.4AI score0.00934EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 10:7 a.m.50 views

CVE-2025-14524

CVE-2025-14524 affects curl: when an HTTP(S) transfer is redirected cross‑protocol to IMAP/LDAP/POP3/SMTP, the OAuth2 bearer token may be leaked to the new target. Root cause: credentials aren’t cleared for the OAuth2 bearer during redirect handling, while username/password are cleared. Several a...

5.3CVSS6.3AI score0.00611EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/01/07 6:36 p.m.2 views

GHSA-GW2X-Q739-QHCR RustFS gRPC GetMetrics deserialization panic enables remote DoS

Summary A malformed gRPC GetMetrics request causes getmetrics to unwrap failed deserialization of metrictype/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint. Details - Vulnerable code: rustfs/src/storage/tonicservice.rs:1775-1782: - MetricType and...

6.9CVSS6.8AI score0.00284EPSS
Exploits1References4
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-12540

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics clientID and clientsecret being stored in plaintext in the publicly visible plugin source. This can...

4.7CVSS0.00231EPSS
Exploits0References2
OSV
OSV
added 2026/01/07 8:0 a.m.6 views

CURL-CVE-2025-14524 bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.8AI score0.00611EPSS
Exploits1
CNNVD
CNNVD
added 2026/01/04 12:0 a.m.6 views

Petlibro Smart Pet Feeder Platform 安全漏洞

Petlibro Smart Pet Feeder Platform is a smart pet management system from Petlibro. A security vulnerability exists in Petlibro Smart Pet Feeder Platform version 1.7.31 and earlier, which stems from a flaw in OAuth token authentication that could lead to authentication bypass...

9.8CVSS6.8AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/30 3:37 p.m.7 views

EUVD-2025-205645

axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header...

6CVSS6.4AI score0.00272EPSS
Exploits1References3
OSV
OSV
added 2025/12/30 3:37 p.m.9 views

GHSA-X4M5-4CW8-VC44 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header

Summary When a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. Details The cache key is generated only from the URL, ignoring request headers like Authorization. When the server responds wit...

6CVSS6.9AI score0.00272EPSS
Exploits1References4
NVD
NVD
added 2025/11/03 8:15 a.m.48 views

CVE-2025-12623

A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component Authentication Toke...

3.1CVSS0.00344EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.8 views

Jenkins OpenShift Pipeline Plugin 安全漏洞

Jenkins OpenShift Pipeline Plugin is an open source pipeline plugin for Jenkins. A security vulnerability exists in Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier versions, which stems from an authorization token that is not encrypted and stored in the job config.xml file of the Jenkins...

4.3CVSS6.2AI score0.00179EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/13 9:4 p.m.4 views

EUVD-2025-34111

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...

4.3CVSS6.4AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-20330

Malware in sbrugna...

4.3CVSS4.9AI score0.00546EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-17467

Malicious code in bioql PyPI...

9.1CVSS9.2AI score0.00637EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27606

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00262EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-17624

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00387EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22553

Malicious code in bioql PyPI...

2.2CVSS6.6AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-31713

Malicious code in bioql PyPI...

8.7CVSS7.5AI score0.00668EPSS
Exploits1References2
Rows per page
Query Builder