Lucene search
K

26 matches found

Nuclei
Nuclei
added yesterday71 views

Flowise <= 3.0.5 - Account Takeover

Flowise versions 3.0.5 and earlier had a vulnerability in the forgot-password endpoint, which returned valid reset tokens without authentication—allowing attackers to reset passwords and take over accounts. id: CVE-2025-58434 info: name: Flowise = 3.0.5 - Account Takeover author:...

9.8CVSS6.7AI score0.50118EPSS
Exploits14References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55883 Tilt: Cross-site WebSocket hijacking of the Tilt HUD stream

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS0.00222EPSS
Exploits0References4
CVE
CVE
added 4 days ago25 views

CVE-2026-55883

Tilt HUD WebSocket (/ws/view) in Tilt is affected from 0.24.0 through 0.37.3. CSRF-protected, but the token is served from an unauthenticated /api/websocket_token endpoint and the upgrader accepts connections without an Origin header, enabling network-reachable attackers to read session state, Ti...

8.3CVSS6.2AI score0.00222EPSS
Exploits0References4
OSV
OSV
added last week5 views

CVE-2026-46354 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS6.1AI score0.0026EPSS
Exploits0References10
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5196 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder

Coder: PKCS7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder...

9.1CVSS5.8AI score0.0026EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/22 1:23 p.m.4 views

CVE-2026-5749

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

8.7CVSS5.8AI score0.0027EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/22 1:23 p.m.15 views

CVE-2026-5749

CVE-2026-5749 concerns Fullstep V5, where inadequate access control in the registration flow could let unauthenticated users obtain a valid JWT token to access authenticated API resources. This could compromise confidentiality of affected resources when a valid token is presented. The CVSS 4.0 ba...

8.7CVSS5.8AI score0.0027EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/14 6:50 a.m.152 views

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

CVE-2025-58434CVE-2025-59528 CVE-2025-58434 Flowise = 3...

10CVSS5.9AI score0.90183EPSS
Exploits29
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-32022

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.4CVSS5.8AI score0.00426EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32301

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or...

9.3CVSS5.8AI score0.00258EPSS
Exploits1References1
NVD
NVD
added 2026/03/03 10:16 p.m.11 views

CVE-2026-24898

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

10CVSS0.00555EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/02 1:1 p.m.6 views

CVE-2026-3432 Sim Studio AI - Unauthenticated OAuth Token Theft

On SimStudio version below to 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their...

9.3CVSS6AI score0.003EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/25 11:48 p.m.4 views

CVE-2026-27804 Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with alg: "none" to log in as any user linked to a Google account, without knowing...

9.3CVSS5.9AI score0.00176EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.8 views

CVE-2025-11723

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash function due to use of a hardcoded fall-back salt. This makes it possible for...

6.5CVSS5.8AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/06 3:21 a.m.39 views

CVE-2025-11723 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash function due to use of a hardcoded fall-back salt. This makes it possible for...

6.5CVSS0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/02 3:28 p.m.6 views

EUVD-2025-206136

Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...

9.1CVSS6.4AI score0.00492EPSS
Exploits1References4
NVD
NVD
added 2025/12/02 7:15 p.m.6 views

CVE-2025-66454

Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can...

6.5CVSS0.00281EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/18 10:30 p.m.7 views

WordPress YITH WooCommerce Wishlist plugin <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability

Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin YITH WooCommerce Wishlist versions = 4.10.0...

5.3CVSS7AI score0.00277EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/18 3:41 a.m.5 views

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

9.9CVSS7.1AI score0.00649EPSS
Exploits0References1
NVD
NVD
added 2025/10/17 4:16 a.m.4 views

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

9.9CVSS0.00649EPSS
Exploits0References1
Rows per page
Query Builder