Lucene search
+L

455 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/02 4:18 p.m.8 views

CVE-2026-28396

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has be...

7.1CVSS5.8AI score0.00181EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/02 4:18 p.m.7 views

CVE-2026-28396 NocoDB: Refresh Tokens Not Revoked on Password Reset

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has be...

7.1CVSS5.8AI score0.00181EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 9:44 a.m.10 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "org.apache.cxfcxf-core 3.6.7, io.nettynetty-codec-http 4.1.124.Final , github.com/golang-jwt/jwt/v4 v4.5.0" which are vulnerable to "CVE-2025-48913, CVE-2025-58056, CVE-2024-51744". This bulletin contains information regarding the vulnerabilities and how...

9.8CVSS7AI score0.00793EPSS
Exploits1Affected Software1
Packet Storm
Packet Storm
added 2026/02/27 12:0 a.m.153 views

📄 WordPress RestroPress Online Food Ordering System 3.1.9.2 Disclosure Scanner

WordPress RestroPress Online Food Ordering System plugin version 3.1.9.2 user metadata exposure scanner. ============================================================================================================================================= | Title : WordPress RestroPress Online Food Orderi...

9.8CVSS5.9AI score0.02196EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.11 views

PT-2026-22223

Name of the Vulnerable Software and Affected Versions Initiative versions prior to 0.32.4 Description Initiative, a self-hosted project management platform, does not invalidate previously issued JWT access tokens after a user changes their password. This allows older tokens to remain valid until...

8.1CVSS5.9AI score0.00369EPSS
Exploits1References11
GithubExploit
GithubExploit
added 2026/02/24 4:20 p.m.159 views

Secure-auth-api

🔐 Secure Auth API — Built → Broken → Fixed A hands-on securit...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.6 views

FreePBX 安全漏洞

FreePBX formerly known as Asterisk Management Portal is a set of tools developed by the FreePBX project, designed to configure Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 17.0.5 and 16.0.17 contained security vulnerabilities. These...

7.5CVSS5.8AI score0.00296EPSS
Exploits0References5
CVE
CVE
added 2026/02/11 9:5 p.m.22 views

CVE-2026-26010

OpenMetadata CVE-2026-26010 describes a leakage of JWTs through calls to /api/v1/ingestionPipelines from the UI, prior to version 1.11.8. Read-only users could obtain tokens used by the ingestion-bot for services such as Glue, Redshift, and Postgres, enabling access to a highly privileged Ingesti...

7.6CVSS7.3AI score0.00331EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/02/11 2:23 p.m.3 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the api/v1/ingestionPipelines endpoint, which exposes JWT tokens used by privileged bot accounts in API responses. An attacker can gain unauthorized access to sensitive data and...

7.6CVSS5.6AI score0.00331EPSS
Exploits1References2
Fedora
Fedora
added 2026/02/11 1:0 a.m.5 views

[SECURITY] Fedora 42 Update: rust-jsonwebtoken-9.3.1-4.fc42

Create and decode JWTs in a strongly typed way...

7.5CVSS5.5AI score0.00443EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: osbuild-composer (UTSA-2026-005329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005329 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument...

7.5CVSS8.2AI score0.00693EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/09 6:36 p.m.3 views

CVE-2026-1486 Org.keycloak.protocol.oidc.grants: disabled identity providers are still accepted for jwt authorization grant

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS5.6AI score0.00449EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.7 views

CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.8CVSS5.4AI score0.00393EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/04 9:37 p.m.7 views

EUVD-2026-5332

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.7CVSS5.5AI score0.00393EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/04 9:37 p.m.5 views

CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.7CVSS5.5AI score0.00393EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/02/04 8:6 p.m.11 views

EUVD-2026-5350

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7...

9.8CVSS5.4AI score0.00724EPSS
Exploits1References3
OSV
OSV
added 2026/02/04 8:6 p.m.6 views

CVE-2026-25505 Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7...

9.8CVSS5.4AI score0.00724EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.5 views

CVE-2025-69971

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...

9.8CVSS5.5AI score0.02036EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

Devtron 安全漏洞

Devtron is an open-source Kubernetes cloud-native tool integration platform developed by Devtron. Versions of Devtron 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper access control in the Attributes API interface, which could lead to the...

8.8CVSS6.6AI score0.00393EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.7 views

PT-2026-6317

Name of the Vulnerable Software and Affected Versions Devtron versions prior to 2.0.0 Description Devtron is a tool integration platform for Kubernetes. A flaw exists in the Attributes API interface that allows authenticated users to obtain the global API Token signing key by accessing the...

8.7CVSS5.6AI score0.00393EPSS
Exploits1References9
Rows per page
Query Builder