Lucene search
K

4 matches found

CVE
CVE
added yesterday7 views

CVE-2026-10708

CVE-2026-10708 relates to Adalo’s platform where a single request to a minimal leaderboard component can return user records (emails, UUIDs, custom fields) due to a combination of wildcard CORS, long‑lived tokens (about 20 days), and lack of token revocation. Connected documents confirm this is a...

6AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/21 3:0 p.m.9 views

Nginx-UI: Disabled users retain full API access through previously issued bearer tokens

Summary A user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an attacker who already stole a JWT can continue reading and modifying protected...

8.6CVSS5.8AI score0.00274EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-31945

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description Vikunja's link share authentication constructs authorization objects entirely from JWT claims without server-side database validation. When a project owner deletes a link share or downgrades its...

6.5CVSS5.7AI score0.00268EPSS
Exploits1References10
Packet Storm News
Packet Storm News
added 2025/12/07 12:0 a.m.2 views

Managed TLS under Migration: Authentication Authority across CDN and Hosting Transitions

Managed TLS has become a common approach for deploying HTTPS, with platforms generating and storing private keys and automating certificate issuance on behalf of domain operators. This model simplifies operational management but shifts control of authentication material from the domain owner to t...

6.8AI score
Exploits0
Rows per page
Query Builder