39 matches found
PT-2026-28450
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description OpenClaw contains a privilege escalation issue within the device.token.rotate function. Callers possessing operator.pairing scope can generate tokens with expanded scopes, bypassing intended sco...
Plex Media Server <= 1.43.0.10389 Multiple Vulnerabilities
Plex Media Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:plex:plexmediaserver";...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69416
In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve other tokens intended for unrelated access via clients.plex.tv/devices.xml...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
CVE-2025-69415 affects Plex Media Server (PMS). According to NVD/narratives, PMS <= 1.42.2.10156 allows accessing /myplex/account with a device token that is not properly aligned with the device’s current account association. The OpenVAS entry for Plex Media Server
Plex media server 安全漏洞
Plex media server is a media player from Plex. A security vulnerability exists in Plex media server version 1.42.2.10156 and earlier, which stems from the ability to access /myplex/account using a device token that is not properly aligned with whether or not the device currently has an account...
PT-2026-1109
Name of the Vulnerable Software and Affected Versions Plex Media Server versions prior to 1.42.2.10157 Description Plex Media Server PMS has an issue where access to the /myplex/account endpoint with a device token is not correctly linked to the device's account association status. This could all...
PT-2025-47410
Name of the Vulnerable Software and Affected Versions Itel DAB MUX versions affected versions not specified Description The Itel DAB MUX IDMUX build c041640a has a flaw in how it verifies JWT JSON Web Token authentication. This allows an attacker who has a valid JWT token from one device to use i...
CVE-2025-11647
A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...
PT-2025-41735
Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A flaw exists in Tomofun Furbo 360 and Furbo Mini related to the processing of the GATT Service component. Manipulation of the...
CVE-2024-45032
A vulnerability has been identified in Industrial Edge Management Pro All versions V1.9.5, Industrial Edge Management Virtual All versions V2.3.1-1. Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices...
PT-2024-7880 · Siemens · Industrial Edge Management Virtual +1
Name of the Vulnerable Software and Affected Versions: Industrial Edge Management Pro versions prior to V1.9.5 Industrial Edge Management Virtual versions prior to V2.3.1-1 Description: A vulnerability has been identified in the affected components of Industrial Edge Management, which do not...
GHSA-H6MP-MC7G-MG49 scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication...
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication...
Vulnerability to bypass two-factor authentication with unverified JWT trusted device token
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...