11 matches found
CVE-2026-9183
The CVE concerns the WordPress plugin 24liveblog (versions up to and including 2.2). The root cause is lb24_block_enqueue_scripts() hooked to enqueue_block_editor_assets, which for non-administrator users loads site-wide integration secrets (lb24_token, lb24_refresh_token, lb24_uid, lb24_uname) f...
PT-2026-30901
The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...
Bentley Systems iTwin Platform security vulnerability
Bentley Systems iTwin Platform is a digital twin cloud platform developed by Bentley Systems. It supports infrastructure data modeling and full-lifecycle management. There is a security vulnerability in Bentley Systems iTwin Platform, which stems from exposed access tokens in the web page source...
EUVD-2026-10065
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the globalwebhooks publication exposes all global webhook integrations—including sensitive url and token fields—without performing any authentication check on the server side. Although the subscription is...
CVE-2026-27193
Feathersjs versions ≤ 5.0.39 store all HTTP request headers in the signed but unencrypted session cookie. The complete headers object (including internal proxy/gateway headers, API keys, tokens, and internal IPs) is base64-encoded in the cookie and readable by clients, exposing sensitive infrastr...
GitHub Enterprise Server security vulnerability
GitHub Enterprise Server is a self-hosted application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by letting organizations deploy their own GitHub instance as a virtual appliance. Prior to version 3.19 of GitHub Enterprise Server, there was a security...
Coder vulnerable to privilege escalation could lead to a cross workspace compromise
Summary: Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details: Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...
CVE-2021-3167
In Cloudera Data Engineering CDE 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs...
PT-2024-38417 · Red Hat · Openshift Ai
Name of the Vulnerable Software and Affected Versions: OpenShift AI versions prior to 2.9 Description: A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the...
GitLab 8.9 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39869)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project. CVE-2021-39869 Note that Nessus has not tested for this issue but has instead...
PT-2023-22121 · Unknown · Facschorus
Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The FACSChorus software stores sensitive information in plaintext, allowing a threat actor to obtain hardcoded secrets, including tokens and passwords for administrative accounts...