9 matches found
CVE-2026-45223
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...
Weak Password Recovery Mechanism for Forgotten Password
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword process. An attacker can gain unauthorized access to any user account,...
Crabbox 安全漏洞
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from a certification bypass in the coordinator’s user token verification process. The...
EUVD-2026-14502
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php...
GHSA-9HV9-GVWM-95F2 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...
CVE-2026-33716
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...
Privilege Escalation
authlib is vulnerable to Privilege Escalation. The vulnerability is due to accepting tokens with unknown crit headers, where Authlib violates RFC 7515 rules, allowing attackers to craft signed tokens that bypass strict verifiers and potentially enable policy bypass or privilege escalation...
The vulnerability of the NMI component of the authentication management software in Kubernetes clusters – AAD Pod Identity – involves bypassing the verification token, allowing attackers to elevate their privileges.
The vulnerability of the NMI component in the Kubernetes AAD Pod Identity authentication management tool is related to errors in token assignment restrictions. Exploiting this vulnerability can allow attackers to increase their privileges...