Lucene search
+L

39 matches found

Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.13 views

PT-2026-28450

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description OpenClaw contains a privilege escalation issue within the device.token.rotate function. Callers possessing operator.pairing scope can generate tokens with expanded scopes, bypassing intended sco...

9.9CVSS6.5AI score0.0054EPSS
Exploits0References20
OpenVAS
OpenVAS
added 2026/01/05 12:0 a.m.10 views

Plex Media Server <= 1.43.0.10389 Multiple Vulnerabilities

Plex Media Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:plex:plexmediaserver";...

8.5CVSS6AI score0.00537EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/03 5:1 p.m.9 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS6.8AI score0.00255EPSS
Exploits1References1
NVD
NVD
added 2026/01/02 5:16 p.m.6 views

CVE-2025-69416

In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve other tokens intended for unrelated access via clients.plex.tv/devices.xml...

5CVSS0.00274EPSS
Exploits1References1
OSV
OSV
added 2026/01/02 5:16 p.m.6 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS5.8AI score0.00537EPSS
Exploits1References1
NVD
NVD
added 2026/01/02 5:16 p.m.11 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS0.00255EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/02 4:49 p.m.3 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS6.5AI score0.00255EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/02 4:49 p.m.38 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS0.00255EPSS
Exploits1References1
CVE
CVE
added 2026/01/02 4:49 p.m.23 views

CVE-2025-69415

CVE-2025-69415 affects Plex Media Server (PMS). According to NVD/narratives, PMS &lt;= 1.42.2.10156 allows accessing /myplex/account with a device token that is not properly aligned with the device’s current account association. The OpenVAS entry for Plex Media Server

7.1CVSS6.5AI score0.00255EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.6 views

Plex media server 安全漏洞

Plex media server is a media player from Plex. A security vulnerability exists in Plex media server version 1.42.2.10156 and earlier, which stems from the ability to access /myplex/account using a device token that is not properly aligned with whether or not the device currently has an account...

7.1CVSS6.6AI score0.00255EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.9 views

PT-2026-1109

Name of the Vulnerable Software and Affected Versions Plex Media Server versions prior to 1.42.2.10157 Description Plex Media Server PMS has an issue where access to the /myplex/account endpoint with a device token is not correctly linked to the device's account association status. This could all...

8.5CVSS6.5AI score0.00537EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47410

Name of the Vulnerable Software and Affected Versions Itel DAB MUX versions affected versions not specified Description The Itel DAB MUX IDMUX build c041640a has a flaw in how it verifies JWT JSON Web Token authentication. This allows an attacker who has a valid JWT token from one device to use i...

6.7AI score0.00518EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/13 10:23 p.m.9 views

CVE-2025-11647

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

6.8CVSS3.6AI score0.00528EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/12 12:0 a.m.10 views

PT-2025-41735

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A flaw exists in Tomofun Furbo 360 and Furbo Mini related to the processing of the GATT Service component. Manipulation of the...

3.1CVSS3.5AI score0.00528EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/02/05 3:33 a.m.4 views

CVE-2024-45032

A vulnerability has been identified in Industrial Edge Management Pro All versions V1.9.5, Industrial Edge Management Virtual All versions V2.3.1-1. Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices...

10CVSS7.1AI score0.00764EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.4 views

PT-2024-7880 · Siemens · Industrial Edge Management Virtual +1

Name of the Vulnerable Software and Affected Versions: Industrial Edge Management Pro versions prior to V1.9.5 Industrial Edge Management Virtual versions prior to V2.3.1-1 Description: A vulnerability has been identified in the affected components of Industrial Edge Management, which do not...

10CVSS7.6AI score0.00764EPSS
Exploits0References29
OSV
OSV
added 2024/05/21 6:16 p.m.18 views

GHSA-H6MP-MC7G-MG49 scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication...

7.4CVSS6.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/21 6:16 p.m.17 views

scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication...

6.9AI score
Exploits0References4Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/07/08 12:27 p.m.16 views

Vulnerability to bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...

4.5AI score
Exploits0Affected Software1
Rows per page
Query Builder