Lucene search
K

117 matches found

CVE
CVE
added 4 days ago8 views

CVE-2026-56224

Capgo: vulnerability in console.capgo.app/login prior to version 12.128.2 allows access_token and refresh_token to be accepted in URL query parameters, leading to automatic user authentication without user confirmation. Practically, an attacker can craft a malicious link that lures a victim into ...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 3:16 p.m.12 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

4.3CVSS0.00218EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/29 9:30 a.m.13 views

CVE-2026-10078 Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS5.7AI score0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 9:30 a.m.10 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS5.7AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/29 9:12 a.m.14 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS5.7AI score0.00196EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Red Hat Quay 安全漏洞

Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has a security vulnerability; this vulnerability stems from the fact that GitLab’s OAuth verifier transmits sensitive credentials as plain-text parameters in URL queries, which may lead to...

2.7CVSS5.8AI score0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.13 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

7.5CVSS5.9AI score0.00421EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:0 p.m.8 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS5.9AI score0.00421EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.15 views

PT-2026-43071

Name of the Vulnerable Software and Affected Versions hackney versions 0 through 4.0.0 Description Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return r or line feed characters in the URL query component before constructing...

7.5CVSS5.9AI score0.00421EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42177

Name of the Vulnerable Software and Affected Versions phoenix storybook versions 0.4.0 through 1.0.x Description An authorization bypass occurs due to user-controlled keys, allowing cross-session PubSub topic injection via a URL query parameter. The function handle params/3 in...

2.3CVSS5.5AI score0.00449EPSS
Exploits0References11
OSV
OSV
added 2026/05/14 4:33 p.m.3 views

GHSA-JVP4-Q659-95MJ Portainer: JWT accepted in URL query leaks tokens to logs and referers

Summary Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token= URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers ...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/27 6:15 p.m.4 views

CVE-2026-7147

A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.baseurl results in server-side request forgery. Remote...

7.5CVSS7AI score0.00278EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 4:1 p.m.4 views

CVE-2026-34969 Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback

Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer headers,...

2.3CVSS5.9AI score0.00267EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 4:1 p.m.36 views

CVE-2026-34969 Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback

Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer headers,...

2.3CVSS0.00267EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/01 11:36 p.m.8 views

Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback

Refresh Token Leaked via URL Query Parameter in OAuth Provider Callback Summary The auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer...

7.5CVSS6.1AI score0.00267EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/04/01 9:12 p.m.5 views

Use of GET Request Method With Sensitive Query Strings

Overview openssl-encrypt is an A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files Affected versions of this...

8.7CVSS5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.3 views

RHEL 10 : yggdrasil-worker-package-manager (RHSA-2026:5145)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:5145 advisory. yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disab...

7.5CVSS5.9AI score0.01945EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.5 views

CVE-2026-31816

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...

9.1CVSS5.8AI score0.15339EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

SAP Business One Job Service 跨站脚本漏洞

SAP Business One Job Service is a service component of SAP's Enterprise Resource Planning ERP system for scheduling and executing tasks in the background. A cross-site scripting vulnerability exists in SAP Business One Job Service. The vulnerability stems from the lack of effective filtering and...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 12:0 a.m.10 views

ALSA-2026:3839 Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in query...

10CVSS5.8AI score0.01945EPSS
Exploits3References8
Rows per page
Query Builder