11 matches found

CVE
added 2026/06/24 5:33 a.m. · 8 views

CVE-2026-9183

The CVE concerns the WordPress plugin 24liveblog (versions up to and including 2.2). The root cause is lb24_block_enqueue_scripts() hooked to enqueue_block_editor_assets, which for non-administrator users loads site-wide integration secrets (lb24_token, lb24_refresh_token, lb24_uid, lb24_uname) f...

CVSS 4.3 · AI score 5.8 · EPSS 0.0021
Exploits 0 · References 3
Positive Technologies
added 2026/04/07 12:00 a.m. · 6 views

PT-2026-30901

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...

CVSS 5.3 · AI score 5.9 · EPSS 0.00558
Exploits 0 · References 5
CNNVD
added 2026/04/02 12:00 a.m. · 6 views

Bentley Systems iTwin Platform security vulnerability

Bentley Systems iTwin Platform is a digital twin cloud platform developed by Bentley Systems. It supports infrastructure data modeling and full-lifecycle management. There is a security vulnerability in Bentley Systems iTwin Platform, which stems from exposed access tokens in the web page source...

CVSS 6.9 · AI score 5.8 · EPSS 0.00281
Exploits 0 · References 3
EUVD
added 2026/03/06 7:35 p.m. · 5 views

EUVD-2026-10065

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the globalwebhooks publication exposes all global webhook integrations—including sensitive url and token fields—without performing any authentication check on the server side. Although the subscription is...

CVSS 8.7 · AI score 5.7 · EPSS 0.00345
Exploits 0 · References 3
CVE
added 2026/02/21 4:09 a.m. · 14 views

CVE-2026-27193

Feathersjs versions ≤ 5.0.39 store all HTTP request headers in the signed but unencrypted session cookie. The complete headers object (including internal proxy/gateway headers, API keys, tokens, and internal IPs) is base64-encoded in the cookie and readable by clients, exposing sensitive infrastr...

CVSS 8.2 · AI score 5.5 · EPSS 0.00354
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2026/02/18 12:00 a.m. · 6 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.19 of GitHub Enterprise Server, there was a security...

CVSS 9 · AI score 6.2 · EPSS 0.00645
Exploits 0 · References 6
GitHub Security Blog
added 2025/09/05 8:19 p.m. · 22 views

Coder vulnerable to privilege escalation could lead to a cross workspace compromise

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...

CVSS 8.1 · AI score 8 · EPSS 0.00349
Exploits 1 · References 9 · Affected Software 1
RedhatCVE
added 2025/05/22 9:29 p.m. · 7 views

CVE-2021-3167

In Cloudera Data Engineering CDE 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs...

CVSS 6.5 · AI score 7.1 · EPSS 0.0111
Exploits 0 · References 1
Positive Technologies
added 2024/08/08 12:00 a.m. · 5 views

PT-2024-38417 · Red Hat · Openshift Ai

Name of the Vulnerable Software and Affected Versions: OpenShift AI versions prior to 2.9 Description: A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the...

CVSS 8.8 · AI score 7.8 · EPSS 0.00932
Exploits 0 · References 10
Tenable Nessus
added 2024/01/03 12:00 a.m. · 25 views

GitLab 8.9 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39869)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project. CVE-2021-39869 Note that Nessus has not tested for this issue but has instead...

CVSS 6.5 · AI score 6.5 · EPSS 0.01227
Exploits 0 · References 4
Positive Technologies
added 2023/11/28 12:00 a.m. · 7 views

PT-2023-22121 · Unknown · Facschorus

Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The FACSChorus software stores sensitive information in plaintext, allowing a threat actor to obtain hardcoded secrets, including tokens and passwords for administrative accounts...

CVSS 4.3 · AI score 4.4 · EPSS 0.00274
Exploits 0 · References 4