18 matches found
EUVD-2026-16595
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a...
CVE-2026-1496
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a...
CVE-2026-1496 Coverity CLI Authentication Bypass
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a...
CVE-2026-1496
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a...
CVE-2026-1496 Coverity CLI Authentication Bypass
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a...
CVE-2026-1496
Coverity Connect CLI authentication bypass (CVE-2026-1496) affects vulnerable versions of Coverity Connect. The root cause is a missing error handler in the authentication logic for command line tooling, enabling an attacker with access to the /token endpoint to craft a request that bypasses auth...
PT-2026-28312
Name of the Vulnerable Software and Affected Versions: Coverity Connect, affected versions not specified. Description: The authentication logic in the command line tooling for Coverity Connect is missing an error handler, leading to a potential authentication bypass. An attacker with access to the...
Synopsys Coverity Connect security vulnerability
Synopsys Coverity Connect is a web-based platform provided by Synopsys, Inc. It primarily consists of static code analysis tools and dynamic code analysis tools. Synopsys Coverity Connect has security vulnerabilities; one of these vulnerabilities stems from the identity verification logic in the...
EUVD-2023-27933
Malicious code in bioql PyPI...
CVE-2023-23849
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes...
Synopsys Coverity Connect security vulnerability
Synopsys Coverity Connect is a Web-based platform from Synopsys. It consists primarily of static code analysis and dynamic code analysis tools. A security vulnerability exists in versions prior to Coverity 2023.3.2 that stems from the presence of a forced browsing vulnerability, which exposes...
CVE-2023-23849
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes...
CVE-2023-23849
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes...
Cross site scripting
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes...
Synopsys Coverity Connect cross-site scripting vulnerability
Synopsys Coverity Connect is a Web-based platform from Synopsys. It consists primarily of static code analysis and dynamic code analysis tools. A cross-site scripting vulnerability exists in Synopsys Coverity Connect versions prior to 2022.12.0. An attacker could exploit this vulnerability to...
CVE-2023-23849
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes...
CVE-2023-23849
Coverity Connect versions prior to 2022.12.0 are vulnerable to an unauthenticated Cross‑Site Scripting (XSS) vulnerability. An attacker could leverage this to have a web service on the same subdomain set a cookie for the entire subdomain, potentially bypassing other mitigations and enabling furth...
CVE-2023-23849
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes...