22 matches found
CVE-2026-12620
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...
CVE-2026-12620
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...
EUVD-2019-5583
Malware in sbrugna...
EUVD-2019-13615
Malware in sbrugna...
EUVD-2023-55941
Malicious code in bioql PyPI...
EUVD-2022-0931
Malicious code in bioql PyPI...
EUVD-2022-0132
Malicious code in bioql PyPI...
CVE-2025-52901 File Browser allows sensitive data to be transferred in URL
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token JWT which is used as a session identifier will get leaked to...
CVE-2025-48383
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
CVE-2023-43303
An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...
Linux Distros Unpatched Vulnerability : CVE-2022-29241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1...
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...
CVE-2023-39053
An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages...
PT-2023-16006 · Keycloak +1 · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak where it did not properly check client tokens for possible revocation in its client credential flow. This allows an attacker to access or modify potentially...
DEBIAN-CVE-2022-29241
Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...
CVE-2022-29241
CVE-2022-29241 affects Jupyter Server (backend for Jupyter web apps) prior to 1.17.1. If notebook_server is started with root_dir containing the starting user’s home directory, an authenticated user can leak the start-time access token via the REST API by guessing/brute-forcing the server PID. Th...
CVE-2022-29241 Known or guessable hidden files may be accessed in Jupyter Server
Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...
CVE-2022-29241
Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...
Jonathan Carter gistpad 安全漏洞
Jonathan Carter gistpad is an application open-sourced by Jonathan Carter. A Visual Studio Code extension that makes it easy to edit GitHub Gist and repositories from your favorite editor. A security vulnerability exists in GistPad before 0.2.7 that allows a crafted workspace folder to change the...
CVE-2019-4008
CVE-2019-4008 affects IBM API Connect V2018.1–2018.4.1.1. The issue is an access token leak where authorization tokens in some URLs could be written to log files, enabling disclosure of credentials. Affected product: IBM API Connect (API Management) 2018.x. Root cause: tokens exposed via logging ...