Lucene search
+L

136 matches found

Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-34995

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpc preparse xdr yfs rxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "reject token:" case...

5.3AI score0.00121EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/23 3:7 p.m.6 views

DNS Rebinding

Overview copilot-api is a Turn GitHub Copilot into OpenAI/Anthropic API compatible server. Usable with Claude Code! Affected versions of this package are vulnerable to DNS Rebinding in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header...

5.3CVSS5.4AI score0.00257EPSS
Exploits0References2
OSV
OSV
added 2026/04/13 2:33 p.m.6 views

JLSEC-2026-94

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...

9.1CVSS6.9AI score0.01863EPSS
Exploits0References5
OSV
OSV
added 2026/04/13 8:35 a.m.9 views

SUSE-SU-2026:1293-1 Security update for the Linux Kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.283 fixes various security issues The following security issues were fixed: - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255235. - CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on...

7.8CVSS5.8AI score0.00204EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.6 views

CVE-2026-3475

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...

5.3CVSS6.1AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/18 10:0 p.m.3 views

CVE-2026-32730 ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware

ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...

8.1CVSS5.8AI score0.00362EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.9 views

Keycloak < 26.5.4 Multiple Vulnerabilities

Keycloak versions installed prior to 26.5.4 are affected by multiple vulnerabilities, including: - The Keycloak Authorization header parser is overly permissive regarding the formatting of the 'Bearer' authentication scheme. It accepts non-standard characters such as tabs as separators and...

5.3CVSS5.7AI score0.00502EPSS
Exploits0References6
Drupal
Drupal
added 2026/02/25 12:0 a.m.16 views

CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015

This module enables you to protect web forms from automated spam by requiring users to pass a challenge. The module doesn't sufficiently invalidate used security tokens under certain scenarios, which can lead to the CAPTCHA being bypassed on subsequent submissions. This vulnerability is mitigated...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.10 views

AliasVault 安全漏洞

AliasVault is an open-source password manager developed by AliasVault. Versions of AliasVault prior to 0.25.3 contained a security vulnerability. This vulnerability stemmed from incorrect handling of parameters such as accessToken, refreshToken, metadata, keyderivationparams, and authMethods in t...

2.5CVSS5.8AI score0.00099EPSS
Exploits0References9
NVD
NVD
added 2026/01/21 6:15 a.m.12 views

CVE-2026-1035

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...

3.1CVSS0.00282EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : krb5-1.21.1-2.el9_4 (AXSA:2024-8746:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8746:04 advisory. krb5: GSS message token handling CVE-2024-37371 krb5: GSS message token handling CVE-2024-37370 Tenable has extracted the preceding description bloc...

9.1CVSS7.4AI score0.01863EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.6 views

CVE-2023-40021

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

5.3CVSS6.9AI score0.00646EPSS
Exploits1References1
Veracode
Veracode
added 2026/01/05 11:41 a.m.6 views

Incorrect Authorization

org.apache.streampipes:streampipes-parent is vulnerable to Incorrect Authorization. The vulnerability is due to a flaw in the user ID creation and JWT handling mechanism, which allows a non-administrator attacker to manipulate tokens and swap usernames with an administrator, thereby gaining full...

8.1CVSS6.9AI score0.14786EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/12/27 1:15 p.m.4 views

CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is...

8.1CVSS0.00564EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

TencentOS Server 3: krb5 (TSSA-2024:0399)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0399 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.1CVSS7.4AI score0.01863EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988779 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is...

7.8CVSS6.1AI score0.00244EPSS
Exploits0References4
CVE
CVE
added 2025/11/03 8:2 a.m.19 views

CVE-2025-12623

CVE-2025-12623 affects the fushengqian fuint system, specifically the code path in fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java (Authentication Token Handler). The Red Hat/NVD entries describe an authorization bypass that can be triggered remotel...

3.1CVSS6.3AI score0.00344EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-7919

Malware in sbrugna...

8.8CVSS8.8AI score0.01126EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-13380

Malware in sbrugna...

8.6CVSS8.8AI score0.00651EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-26683

Malware in sbrugna...

9.1CVSS9AI score0.0104EPSS
Exploits0References3
Rows per page
Query Builder