Lucene search
+L

436 matches found

NVD
NVD
added 2 days ago10 views

CVE-2024-23567

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...

4.3CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2024-55659

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...

4.3CVSS5.2AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago7 views

CVE-2024-23567

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...

4.3CVSS5.2AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2024-23567

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...

4.3CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago15 views

CVE-2024-23567

Technical details about CVE-2024-23567 are not publicly available in the provided documents. Monitor for updates from vendor advisories or trusted sources before assessing impact or remediation.

4.3CVSS5.3AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-62386

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...

8.2CVSS0.00269EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40426

Capgo console.capgo.app/login before 12.128.2 accepts accesstoken and refreshtoken in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and logs...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/10 10:13 p.m.14 views

nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)

internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?newkey=&keyname= The raw API key ends up: - in the browser's URL history - in the Referer header on every cross-origin asset the detai...

5.5AI score0.00012EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.25 views

PT-2026-48602

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description After the handleOperatorCreateAPIKey function in internal/web/operators.go:251 generates a 32-byte bearer token, the application redirects the browser to the endpoint /ui/operators/?new key=&key...

5.5CVSS5.9AI score0.00012EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-62317

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...

2.6CVSS5.4AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

4.3CVSS5.4AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.27 views

PT-2026-46878

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

5.6AI score0.00214EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:9 p.m.6 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

3.1CVSS5.8AI score0.00218EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Strawberry GraphQL 安全漏洞

Strawberry GraphQL is an open-source Python GraphQL library that utilizes type annotations. Versions 0.288.4 to 0.315.3 of Strawberry GraphQL contain security vulnerabilities. These vulnerabilities stem from the GraphiQL template writing values from the header editor into the browser URL query...

4.3CVSS5.3AI score0.00218EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 8:59 p.m.13 views

EUVD-2026-33059

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in WebKit2GTK

“Clear History and Website Data” did not successfully clear the history. The issue was resolved through improved data deletion mechanisms. This issue has been fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3, and iPadOS 14.3, as well as tvO...

3.3CVSS6.6AI score0.0036EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the Browser History component of Google Chrome prior to version 112.0.5615.49 allowed a remote attacker who convinced a user to perform certain UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.2AI score0.00975EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41972

Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions 0.288.4 through 0.315.3 Description The bundled GraphiQL template in Strawberry GraphQL writes values from the headers editor into the browser URL query string. This occurs because the strawberry/static/graphiql.htm...

3.1CVSS6AI score0.00218EPSS
Exploits0References9
Veracode
Veracode
added 2026/05/16 5:23 a.m.7 views

Sensitive Information Exposure

Portainer Community Edition is vulnerable to Exposure of Sensitive Information. The vulnerability is due to the authentication middleware accepting JWT bearer tokens through the ?token= URL query parameter, which allows an attacker to obtain authentication tokens from browser history, proxy logs,...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/14 5:16 p.m.15 views

CVE-2025-62317

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...

2.6CVSS0.00115EPSS
Exploits0References1
Rows per page
Query Builder