Lucene search

95 matches found

NVD
added last week, 4 views

CVE-2026-44882

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer...

8.1 CVSS, 0.00051 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/05/27 12:0 a.m., 3 views

Budibase Code Issue Vulnerability

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained code-related vulnerabilities. These vulnerabilities stemmed from the OAuth2 tok...

7.7 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/04/24 3:27 a.m., 2 views

CVE-2026-5488 ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token'

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

5.3 CVSS, 5.3 AI score, 0.00049 EPSS
Exploits: 0, References: 8
Cvelist
added 2026/04/24 3:27 a.m., 24 views

CVE-2026-5488 ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token'

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

5.3 CVSS, 0.00049 EPSS
Exploits: 0, References: 8
Fedora
added 2026/04/20 12:46 a.m., 2 views

[SECURITY] Fedora 43 Update: python-msal-1.36.0-1.fc43

The Microsoft Authentication Library for Python enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as Microsof...

5.3 AI score
Exploits: 0
GithubExploit
added 2026/03/14 2:43 a.m., 119 views

Exploit for Missing Encryption of Sensitive Data in Nginxui Nginx_Ui

CVE-2026-27944 POC: Nginx UI Unauthenticated Backup Download +...

9.8 CVSS, 5.9 AI score, 0.07313 EPSS
Exploits: 12
NVD
added 2026/03/03 11:15 p.m., 2 views

CVE-2026-3266

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2...

9.8 CVSS, 0.00219 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/02 1:16 p.m., 0 views

CVE-2026-3432

In SimStudio versions below 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their...

9.1 CVSS, 5.9 AI score
Exploits: 0, References: 1
NVD
added 2026/01/10 4:15 a.m., 3 views

CVE-2025-13457

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

7.5 CVSS, 0.00059 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/01/03 5:1 p.m., 3 views

CVE-2025-69414

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...

8.5 CVSS, 6.9 AI score, 0.00066 EPSS
Exploits: 1, References: 1
NVD
added 2026/01/02 5:16 p.m., 4 views

CVE-2025-69414

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...

8.5 CVSS, 0.00066 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/01/02 4:52 p.m., 23 views

CVE-2025-69416

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens intended for unrelated access via clients.plex.tv/devices.xml...

5 CVSS, 0.00017 EPSS
Exploits: 1, References: 1
CVE
added 2025/12/09 5:20 p.m., 11 views

CVE-2024-47570

CVE-2024-47570 describes a log-file information disclosure flaw in Fortinet products where a read-only administrator could retrieve API tokens of other admins by observing REST API logs when logging is enabled. Affected: FortiOS (versions 7.4.0–7.4.3, 7.2.0–7.2.7, 7.0.x), FortiProxy (7.4.0–7.4.3,...

6.6 CVSS, 6.2 AI score, 0.00054 EPSS
Exploits: 0, References: 1, Affected Software: 5
RedhatCVE
added 2025/11/14 6:2 p.m., 2 views

CVE-2025-64706

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...

5 CVSS, 6.8 AI score, 0.00046 EPSS
Exploits: 1, References: 1
EUVD
added 2025/11/13 5:49 p.m., 1 views

EUVD-2025-175346

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...

5 CVSS, 6.3 AI score, 0.00046 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/11/13 12:0 a.m., 2 views

Typebot Security Vulnerability

Typebot is an open source chatbot builder by the individual developer Baptiste Arnaud. A security vulnerability exists in Typebot version 3.9.0 up to and including version 3.13.0, which stems from the presence of an insecure direct object reference in the API token management endpoint, which coul...

7.5 CVSS, 6.7 AI score, 0.00046 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-5080

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.00237 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-0092

Malware in sbrugna...

6 CVSS, 6 AI score, 0.00455 EPSS
Exploits: 0, References: 13
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-5081

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.00237 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-3372

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.00237 EPSS
Exploits: 0, References: 3