2 matches found
CVE-2026-46407 Vvveb: admin/auth-token IDOR allows unauthorized disclosure of administrator REST API tokens
Vvveb is a powerful and easy-to-use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's adminid. This can...
PT-2023-15694 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions:
Checkmk versions 2.0.0p1 through 2.0.0p28
Checkmk versions 2.1.0p1 through 2.1.0p10
Description: The issue arises from the insecure termination of expired sessions in the RestAPI, allowing an attacker to utilize expired session tokens for...