Lucene search
K

1620 matches found

EUVD
EUVD
added 2025/11/12 4:29 a.m.2 views

EUVD-2025-112038

Malicious code in jwt-gravity-europa-hexo npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.3 views

EUVD-2025-112032

Malicious code in jwt-nebula-module-colors npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.3 views

EUVD-2025-112030

Malicious code in jwt-publish-hermes-miranda npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.2 views

EUVD-2025-123893

Malicious code in pegasus-forever-jwt-cache npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.2 views

EUVD-2025-123873

Malicious code in pegasus-redis-jwt-semantic-ui npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.2 views

EUVD-2025-112025

Malicious code in jwt-test-elektra-sails npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.2 views

EUVD-2025-123321

Malicious code in procyon-kastra-jwt-css-minimizer-webpack-plugin npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.3 views

Malicious code in pegasus-redis-jwt-semantic-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 029211974165cff66e42351cf6175e104e89284a986f021fc112f1c0b00c02c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.2 views

MAL-2025-143804 Malicious code in janus-cors-non-blocking-jwt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab10dd4a20efdee524a8a1e195d284589d12d19dfdb7436f4055a944dc3aa658 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.2 views

MAL-2025-144070 Malicious code in jwt-bulma-private-passport (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6440b82a3e373f0f05f339f463a887f1b1c5f60136c927d1d72f65b011de2bf1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
NVD
NVD
added 2025/10/31 2:16 p.m.8 views

CVE-2025-64386

The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session...

7.7CVSS0.00321EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/31 1:42 p.m.4 views

CVE-2025-64386 HIJACKING OF THE TOKEN AND GAINING ACCESS

The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session...

7.7CVSS6.5AI score0.00321EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.4 views

Circutor TCPRS1plus 安全漏洞

Circutor TCPRS1plus is a communication converter from Circutor Spain. A security vulnerability exists in Circutor TCPRS1plus that stems from a web server that allows an attacker to reuse old JWT tokens during legitimate session activity, potentially leading to session hijacking and security...

7.7CVSS6.8AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2025/10/25 2:15 a.m.16 views

CVE-2025-11760

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

5.3CVSS0.00287EPSS
Exploits0References3
CVE
CVE
added 2025/10/25 1:45 a.m.31 views

CVE-2025-11760

CVE-2025-11760 affects the WordPress plugin “eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams” through version 1.5.6. The root cause is exposure of the Zoom SDK secret keys in client-side JavaScript in the meeting view template, enabling unauthenticated attackers to extract...

5.3CVSS5.3AI score0.00287EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:31 p.m.4 views

Security Bulletin: vulerability in IBM Spectrum Symphony with Nimbus JOSE + JWT

Summary vulerability in IBM Spectrum Symphony with Nimbus JOSE + JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in...

5.8CVSS6.6AI score0.00806EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/23 8:16 p.m.12 views

CVE-2025-62610

Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono’s JWT Auth Middleware does not provide a built-in aud Audience verification option, which can cause confused-deputy / token-mix-up issues: an API may accept a valid...

8.1CVSS6.7AI score0.0035EPSS
Exploits1References1
Snyk
Snyk
added 2025/10/23 4:1 p.m.2 views

Access Control Bypass

Overview @kottster/common is a Common types and utilities for Kottster Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands ...

9.2CVSS7.6AI score0.00749EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/23 4:1 p.m.9 views

Kottster app reinitialization can be re-triggered allowing command injection in development mode

Impact Development mode only. Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attacke...

9.2CVSS8.6AI score0.00749EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2025/10/23 3:23 a.m.6 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.61 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

7.5CVSS6.8AI score0.00693EPSS
Exploits0References2
Rows per page
Query Builder