Lucene search
+L

106 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5766

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00927EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-51431

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00707EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3925

Malicious code in bioql PyPI...

5CVSS6.6AI score0.02424EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-1296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nomad Community and Nomad Enterprise Nomad are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This...

6.5CVSS5.5AI score0.0046EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/06/09 12:0 a.m.11 views

The vulnerability of Nomad application orchestrators, related to the disclosure of information through registration files, allows attackers to gain access to the client’s secret token.

The vulnerability of Nomad application orchestrators is related to the disclosure of information through registration files. Exploiting this vulnerability can allow a remote attacker to gain access to the client’s secret token...

6.8CVSS5.5AI score0.0046EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2025/05/27 3:15 p.m.3 views

DEBIAN-CVE-2025-48383

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

8.2CVSS5.2AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/27 3:3 p.m.24 views

CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

8.2CVSS0.00271EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:24 p.m.3 views

CVE-2022-4054

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...

5.5CVSS5.2AI score0.00707EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 a.m.12 views

CVE-2019-10459

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.5AI score0.00927EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/10 6:31 p.m.24 views

Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS7AI score0.0046EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/03/10 6:15 p.m.10 views

UBUNTU-CVE-2025-1296

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS5.8AI score0.0046EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/10 6:2 p.m.19 views

CVE-2025-1296 Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS0.0046EPSS
Exploits0References1
OSV
OSV
added 2025/03/10 6:2 p.m.9 views

CVE-2025-1296 Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS6.6AI score0.0046EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:13 a.m.25 views

BIT-GITLAB-2022-4054

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...

5.5CVSS5.3AI score0.00707EPSS
Exploits1References4
OSV
OSV
added 2024/02/06 6:15 p.m.8 views

CVE-2023-40545

Authentication bypass when an OAuth2 Client is using clientsecretjwt as its authentication method on affected 11.3 versions via specially crafted requests...

9.8CVSS5.8AI score0.00933EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.8 views

PT-2024-12897 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX version 11.3 Description: The issue is related to authentication bypass when an OAuth2 Client uses client secret jwt as its authentication method. This can be exploited via specially crafted requests. Recommendations: For version...

9.8CVSS9.3AI score0.00933EPSS
Exploits0References7
OSV
OSV
added 2023/10/26 7:15 p.m.3 views

CVE-2023-31416

Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...

5.3CVSS5.8AI score0.00364EPSS
Exploits0References2
NVD
NVD
added 2023/10/26 7:15 p.m.22 views

CVE-2023-31416

Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...

5.3CVSS5.2AI score0.00364EPSS
Exploits0References2
CVE
CVE
added 2023/10/26 6:46 p.m.83 views

CVE-2023-31416

The CVE-2023-31416 issue affects Elastic Cloud on Kubernetes (ECK) before 2.8 when used with APM Server 8.0 or later. The root cause is that the secret token configuration is not applied, which could allow anonymous requests to be accepted and lead to data ingestion into the APM deployment. Affec...

5.3CVSS5.2AI score0.00364EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/26 12:0 a.m.16 views

PT-2023-23309 · Elastic · Apm Server +1

Name of the Vulnerable Software and Affected Versions: ECK versions prior to 2.8 APM Server versions 8.0 and later Description: The secret token configuration is not applied when using ECK with a version less than 2.8 alongside an APM Server version 8.0 or greater. This could lead to anonymous...

5.3CVSS7.2AI score0.00364EPSS
Exploits0References6
Rows per page
Query Builder