20 matches found
USN-8555-1: Ubuntu Advantage Tools (pro client) vulnerabilities
Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer token in command-line arguments when validating APT credentials. A local attacker could possibly use this issue to obtain sensitive information and gain unauthorized access to Ubuntu Pro repositories. CVE-2026-9494 Frederick...
PT-2026-60465
Name of the Vulnerable Software and Affected Versions ubuntu-pro-client affected versions not specified Description An information disclosure issue exists where the client validates Ubuntu Pro APT credentials by executing the /usr/lib/apt/apt-helper using the download-file command. The secret...
PT-2026-52565
Name of the Vulnerable Software and Affected Versions OHIF affected versions not specified Description The DICOMWebProxy and DICOMJSON data sources, when used with default configurations, fetch an arbitrary URL parameter without proper validation. A global authentication service within the...
CVE-2026-49336
@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...
JLSEC-2026-428 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross...
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...
openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20611-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20611-1 advisory. - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. -...
SUSE-SU-2026:21379-1 Security update for tomcat10
This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...
CVE-2026-40945 Oxia: Bearer token exposed in debug log messages on authentication failure
Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...
CVE-2026-40945
Oxia (metadata store/coordination system) is affected prior to version 0.16.2. When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext, potentially exposing JWT tokens in application logs and any connected log aggregation systems if DEBUG logging is enabled in ...
CVE-2026-40945 Oxia: Bearer token exposed in debug log messages on authentication failure
Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...
Oxia exposes bearer token in debug log messages on authentication failure
Summary When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact An attacker with access to application logs e.g., via a...
GHSA-VR79-8M62-WH98 FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Summary The FHIR Validator HTTP service exposes an unauthenticated /loadIG endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith URL prefix matching flaw in the credential provider ManagedWebAccessUtils.getServer, an attacker can steal authentication...
CVE-2026-33620
CVE-2026-33620 concerns PinchTab, a standalone HTTP server that exposes a Chrome-control API. The affected range is PinchTab versions v0.7.8–v0.8.3, which accepted an API credential via a token URL query parameter in addition to the Authorization header. When a valid credential is passed in the U...
K000160292: Curl vulnerability CVE-2025-14524
Security Advisory Description When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. CVE-2025-14524 Impact The...
CVE-2025-11924 Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...
CVE-2025-11749
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract th...
CVE-2025-11749
The WordPress AI Engine plugin (≤ 3.1.3) is vulnerable to unauthenticated sensitive information exposure via the REST API endpoints under /mcp/v1/ when No-Auth URL is enabled. This allows attackers to retrieve the Bearer Token, enabling session hijacking and actions such as creating an administra...
EUVD-2022-6437
Malicious code in bioql PyPI...
CVE-2024-9453
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if th...
PT-2022-24887 · Unknown · Ghinstallation
Name of the Vulnerable Software and Affected Versions: ghinstallation versions 1 through 1 ghinstallation version 2.0.0 is not affected as it contains the fix for the issue. Description: The issue concerns ghinstallation, which provides transport implementing http.RoundTripper for authentication ...