Lucene search
K

22 matches found

NVD
NVD
added 2026/06/19 4:16 p.m.12 views

CVE-2026-12620

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

4.6CVSS0.00242EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 3:59 p.m.6 views

CVE-2026-12620

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

4.6CVSS5.8AI score0.00242EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5583

Malware in sbrugna...

7.5CVSS7.5AI score0.01203EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-13615

Malware in sbrugna...

9.8CVSS9.2AI score0.02272EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-55941

Malicious code in bioql PyPI...

9.6CVSS6.6AI score0.00523EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0931

Malicious code in bioql PyPI...

7.6CVSS6.4AI score0.01145EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-0132

Malicious code in bioql PyPI...

9CVSS8.6AI score0.00846EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/06/30 7:56 p.m.20 views

CVE-2025-52901 File Browser allows sensitive data to be transferred in URL

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token JWT which is used as a session identifier will get leaked to...

4.5CVSS0.0049EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/29 3:48 p.m.11 views

CVE-2025-48383

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

8.2CVSS6.7AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:23 a.m.9 views

CVE-2023-43303

An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

8.2CVSS6.9AI score0.00529EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2022-29241

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1...

9CVSS7.2AI score0.00846EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/03 12:0 a.m.18 views

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...

6.3AI score0.00523EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/02 12:0 a.m.30 views

CVE-2023-39053

An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

7.5AI score0.0062EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/01/11 12:0 a.m.9 views

PT-2023-16006 · Keycloak +1 · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak where it did not properly check client tokens for possible revocation in its client credential flow. This allows an attacker to access or modify potentially...

6.5CVSS4.8AI score0.00466EPSS
Exploits0References5
OSV
OSV
added 2022/06/14 9:15 p.m.3 views

DEBIAN-CVE-2022-29241

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

8.8CVSS7.7AI score0.00846EPSS
Exploits0References1
CVE
CVE
added 2022/06/14 8:40 p.m.908 views

CVE-2022-29241

CVE-2022-29241 affects Jupyter Server (backend for Jupyter web apps) prior to 1.17.1. If notebook_server is started with root_dir containing the starting user’s home directory, an authenticated user can leak the start-time access token via the REST API by guessing/brute-forcing the server PID. Th...

9CVSS7.5AI score0.00846EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/06/14 8:40 p.m.9 views

CVE-2022-29241 Known or guessable hidden files may be accessed in Jupyter Server

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

7.1CVSS8.3AI score0.00846EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2022/06/14 8:40 p.m.23 views

CVE-2022-29241

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

9CVSS8.5AI score0.00846EPSS
Exploits0
CNNVD
CNNVD
added 2021/03/30 12:0 a.m.6 views

Jonathan Carter gistpad 安全漏洞

Jonathan Carter gistpad is an application open-sourced by Jonathan Carter. A Visual Studio Code extension that makes it easy to edit GitHub Gist and repositories from your favorite editor. A security vulnerability exists in GistPad before 0.2.7 that allows a crafted workspace folder to change the...

5.3CVSS5.8AI score0.00944EPSS
Exploits0References3
CVE
CVE
added 2019/02/07 4:0 p.m.50 views

CVE-2019-4008

CVE-2019-4008 affects IBM API Connect V2018.1–2018.4.1.1. The issue is an access token leak where authorization tokens in some URLs could be written to log files, enabling disclosure of credentials. Affected product: IBM API Connect (API Management) 2018.x. Root cause: tokens exposed via logging ...

9.8CVSS8.8AI score0.02272EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder