Lucene search
+L

220 matches found

snyk
snyk
added 2026/03/31 11:48 p.m.4 views

Improper Authentication

Overview Flask-HTTPAuth is a HTTP authentication for Flask routes Affected versions of this package are vulnerable to Improper Authentication in the token verification process. An attacker can gain unauthorized access by submitting a request with a missing or empty token if the application stores...

8.3CVSS5.7AI score0.00324EPSS
Exploits0References2
gitlab
gitlab
added 2026/03/31 12:0 a.m.12 views

Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any users in...

8.2CVSS5.9AI score0.00324EPSS
Exploits0References6Affected Software1
redhatcve
redhatcve
added 2026/03/26 3:14 p.m.8 views

CVE-2025-69238

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...

6.9CVSS5.8AI score0.00121EPSS
Exploits0References1
euvd
euvd
added 2026/03/25 9:28 p.m.9 views

EUVD-2026-14502

AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References3
osv
osv
added 2026/03/25 9:28 p.m.19 views

GHSA-9HV9-GVWM-95F2 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...

9.4CVSS6AI score0.00437EPSS
Exploits1References4
github
github
added 2026/03/25 9:28 p.m.16 views

AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...

9.4CVSS6AI score0.00437EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2026/03/23 7:16 p.m.14 views

CVE-2026-33716

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...

9.4CVSS0.00437EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/03/23 6:46 p.m.4 views

CVE-2026-33716

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References3Affected Software1
cve
cve
added 2026/03/23 6:46 p.m.22 views

CVE-2026-33716

WWBN AVideo v2/3 up to 26.0 (open source video platform) is affected by a flaw in the standalone live stream control endpoint plugin/Live/standAloneFiles/control.json.php. The user-supplied streamerURL can override token verification requests, enabling an attacker to redirect verification to a ma...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/03/23 6:46 p.m.25 views

CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...

9.4CVSS0.00437EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/03/23 6:46 p.m.2 views

CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References2
osv
osv
added 2026/03/23 6:46 p.m.7 views

CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...

9.4CVSS5.9AI score0.00437EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/03/23 12:0 a.m.10 views

PT-2026-27190

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that allows...

9.4CVSS5.7AI score0.00437EPSS
Exploits1References10
cnnvd
cnnvd
added 2026/03/23 12:0 a.m.10 views

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an authorization vulnerability. This vulnerability stemmed from the standAloneFiles/control.json.php endpoint, which allowed users to control the streamerURL...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/03/18 12:0 a.m.13 views

PT-2026-26070

Name of the Vulnerable Software and Affected Versions KiviCare – Clinic & Patient Management System EHR plugin for WordPress versions up to and including 4.1.2 Description The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is susceptible to Authentication Bypass. This occu...

9.8CVSS6AI score0.00434EPSS
Exploits1References10
redhatcve
redhatcve
added 2026/03/16 7:19 p.m.4 views

CVE-2026-27962

A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK JSON Web Key Header Injection, affects how Authlib verifies digital signatures in JWS JSON Web Signature tokens. An attacker can exploit this by creati...

9.1CVSS5.8AI score0.00548EPSS
Exploits1References6
nvd
nvd
added 2026/03/16 2:18 p.m.4 views

CVE-2025-69238

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...

6.9CVSS0.00121EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/16 11:53 a.m.7 views

CVE-2025-69238

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...

6.9CVSS5.8AI score0.00217EPSS
Exploits0References3
osv
osv
added 2026/03/16 11:53 a.m.5 views

CVE-2025-69238 Cross-Site Request Forgery in Raytha CMS

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...

6.9CVSS6AI score0.00217EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/03/16 12:0 a.m.10 views

Authlib 安全漏洞

Authlib is an open-source library developed by Authlib, designed as a ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the OpenID Connect ID token verification logic,...

8.2CVSS7.3AI score0.00226EPSS
Exploits1References4
Rows per page
Query Builder