
19 matches found

Github Security Blog
added 2026/04/15 7:19 p.m. · 8 views

Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache

Affected Components:
- DSF FHIR Server with enabled bearer-token authentication or back-channel logout.
- DSF BPE Server with enabled bearer-token authentication or back-channel logout.
- DSF BPE Server API v2 process plugins using FHIR client connections with configured OIDC authentication.
Summa...

CVSS 6.3 · AI score 5.8 · EPSS 0.00291
Exploits 0 · References 5 · Affected Software 2
NVD
added 2025/10/08 8:15 a.m. · 5 views

CVE-2025-11442

A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be...

CVSS 5.3 · EPSS 0.00296
Exploits 1 · References 4
Vulnrichment
added 2025/10/08 7:32 a.m. · 3 views

CVE-2025-11442 JhumanJ OpnForm API Endpoint cross-site request forgery

A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be...

CVSS 5.3 · AI score 4.4 · EPSS 0.00296
Exploits 1 · References 4
RedhatCVE
added 2025/10/07 6:09 a.m. · 7 views

CVE-2025-61673

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...

CVSS 8.6 · AI score 7 · EPSS 0.0037
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 8 views

EUVD-2024-2648

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.4 · EPSS 0.0062
Exploits 0 · References 5
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2023-1265

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.0078
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2023-1266

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00542
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 3:43 a.m. · 10 views

CVE-2023-30525

A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...

CVSS 8.8 · AI score 6.8 · EPSS 0.0078
Exploits 0 · References 1
Tenable Nessus
added 2025/03/05 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-42368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry da...

CVSS 6.5 · AI score 6.4 · EPSS 0.0062
Exploits 0 · References 2
Positive Technologies
added 2024/08/13 12:00 a.m. · 5 views

PT-2024-29902

Name of the Vulnerable Software and Affected Versions: OpenTelemetry versions prior to 0.107.0
Description: OpenTelemetry is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data. The bearertokenauth extension's server...

CVSS 6.9 · AI score 6.6 · EPSS 0.0062
Exploits 0 · References 13
OSV
added 2024/03/06 10:50 a.m. · 20 views

BIT-ARGO-CD-2023-40029

Argo CD is a declarative continuous deployment tool for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in the kubectl.kubernetes.io/last-applied-configuration annotation. Pull request 7139 introduced the ability ...

CVSS 9.9 · AI score 9.2 · EPSS 0.00975
Exploits 1 · References 3
OSV
added 2023/04/12 6:30 p.m. · 15 views

GHSA-C8FF-J5GM-6492 Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability

Jenkins Report Portal Plugin 0.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. Additionally, this form...

CVSS 4.3 · AI score 8.7 · EPSS 0.0078
Exploits 0 · References 3
NVD
added 2023/04/12 6:15 p.m. · 16 views

CVE-2023-30526

A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication...

CVSS 6.5 · AI score 6.4 · EPSS 0.00542
Exploits 0 · References 2
Prion
added 2023/04/12 6:15 p.m. · 22 views

Authentication flaw

A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication...

CVSS 4 · AI score 6.3 · EPSS 0.00542
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/04/12 5:05 p.m. · 16 views

CVE-2023-30526

A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication...

AI score 6.5 · EPSS 0.00542
Exploits 0 · References 2
Cvelist
added 2023/04/12 5:05 p.m. · 16 views

CVE-2023-30525

A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...

AI score 8.9 · EPSS 0.0078
Exploits 0 · References 2
Vulnrichment
added 2023/04/12 5:05 p.m. · 7 views

CVE-2023-30525

A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...

AI score 6.7 · EPSS 0.0078
Exploits 0 · References 2
OSV
added 2022/05/24 4:55 p.m. · 30 views

GHSA-JMRX-5G74-6V2F Kubernetes client-go library logs may disclose credentials to unauthorized users

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...

CVSS 6.5 · AI score 6.1 · EPSS 0.01766
Exploits 0 · References 10
GitLab Advisory Database
added 2019/08/29 12:00 a.m. · 33 views

Credentials Management

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver which make use of basic or bearer token authentication, and run at high verbosity...

CVSS 6.5 · AI score 3.3 · EPSS 0.01766
Exploits 0 · References 1 · Affected Software 1