220 matches found
Improper Authentication
Overview Flask-HTTPAuth is a HTTP authentication for Flask routes Affected versions of this package are vulnerable to Improper Authentication in the token verification process. An attacker can gain unauthorized access by submitting a request with a missing or empty token if the application stores...
Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any users in...
CVE-2025-69238
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...
EUVD-2026-14502
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php...
GHSA-9HV9-GVWM-95F2 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...
CVE-2026-33716
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...
CVE-2026-33716
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...
CVE-2026-33716
WWBN AVideo v2/3 up to 26.0 (open source video platform) is affected by a flaw in the standalone live stream control endpoint plugin/Live/standAloneFiles/control.json.php. The user-supplied streamerURL can override token verification requests, enabling an attacker to redirect verification to a ma...
CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...
CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...
CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...
PT-2026-27190
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that allows...
WWBN AVideo 授权问题漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an authorization vulnerability. This vulnerability stemmed from the standAloneFiles/control.json.php endpoint, which allowed users to control the streamerURL...
PT-2026-26070
Name of the Vulnerable Software and Affected Versions KiviCare – Clinic & Patient Management System EHR plugin for WordPress versions up to and including 4.1.2 Description The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is susceptible to Authentication Bypass. This occu...
CVE-2026-27962
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK JSON Web Key Header Injection, affects how Authlib verifies digital signatures in JWS JSON Web Signature tokens. An attacker can exploit this by creati...
CVE-2025-69238
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...
CVE-2025-69238
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...
CVE-2025-69238 Cross-Site Request Forgery in Raytha CMS
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...
Authlib 安全漏洞
Authlib is an open-source library developed by Authlib, designed as a ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the OpenID Connect ID token verification logic,...