Lucene search
K

71 matches found

CVE
CVE
added 2026/07/01 1:18 p.m.17 views

CVE-2026-13603

CVE-2026-13603 affects the pretix-oppwa payment integration. The vulnerability arises from insecure handling of Oppwa’s API URL: the code concatenated resourcePath from the return URL to baseUrl without validation and without a trailing slash, enabling an attacker to redirect the API call to a di...

10CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.6AI score0.00302EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 11:1 a.m.74 views

CVE-2026-7571

Keycloak vulnerability CVE-2026-7571 allows a low-privilege user with knowledge of user credentials and client ID to bypass a security control that disables implicit flow in OpenID Connect clients. By manipulating forged client data during a session restart, an attacker can obtain an access token...

7.1CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.24 views

CVE-2023-43304

An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

8.2CVSS6.9AI score0.00546EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:39 p.m.7 views

CVE-2023-43299

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.3CVSS6.9AI score0.00508EPSS
Exploits1References1
OSV
OSV
added 2025/08/09 2:2 a.m.28 views

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

7.1CVSS6.7AI score0.00364EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/08 5:4 p.m.10 views

The AuthKit React Router Library rendered sensitive auth data in HTML

In versions before 0.7.0, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. Impact This information disclosure could lead to...

7.1CVSS6AI score0.00364EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/30 5:44 p.m.16 views

File Browser allows sensitive data to be transferred in URL

Summary URLs that are accessed by a user are commonly logged in many locations, both server- and client-side. It is thus good practice to never transmit any secret information as part of a URL. The Filebrowser violates this practice, since access tokens are used as GET parameters. Impact The JSON...

6.5CVSS5.7AI score0.0049EPSS
Exploits1References7Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/23 4:42 a.m.8 views

CVE-2023-48133

An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS6.9AI score0.00359EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:41 a.m.9 views

CVE-2023-48131

An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS6.9AI score0.00359EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:38 a.m.10 views

CVE-2023-44000

An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS6.9AI score0.0036EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:42 a.m.9 views

CVE-2023-45560

An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token...

7.5CVSS6.9AI score0.00693EPSS
Exploits1
Veracode
Veracode
added 2024/11/20 3:42 a.m.9 views

Access Token Leakage

Duende.AccessTokenManagement.OpenIdConnect is vulnerable to access token leakage. The vulnerability is due to improper token isolation within the HTTP client pool, where a refreshed access token is not properly isolated and may be captured by pooled HttpClient instances, allowing an attacker to...

5.4CVSS6.8AI score0.00221EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/06/03 8:15 p.m.22 views

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...

9.6CVSS6.3AI score0.00523EPSS
Exploits0References2
NVD
NVD
added 2024/01/26 8:15 a.m.12 views

CVE-2023-48129

An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.14 views

CVE-2023-48135

An issue in mimasakafarm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.9 views

CVE-2023-48132

An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.26 views

CVE-2023-48128

An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.19 views

CVE-2023-48131

An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
NVD
NVD
added 2024/01/26 7:15 a.m.26 views

CVE-2023-48126

An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00359EPSS
Exploits1References1
Rows per page
Query Builder