13 matches found

RedhatCVE
added 2026/06/05 7:16 p.m. · 8 views

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1 CVSS · 5.4 AI score · 0.00211 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-18087

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.01851 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 30 views

EUVD-2023-28821

Malicious code in bioql PyPI...

8.8 CVSS · 8.5 AI score · 0.00713 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-41796

Malicious code in bioql PyPI...

6.5 CVSS · 6 AI score · 0.00622 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-42684

Malicious code in bioql PyPI...

7 CVSS · 6.3 AI score · 0.00417 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2019-0745

Malicious code in bioql PyPI...

9.8 CVSS · 8.6 AI score · 0.13836 EPSS
Exploits 0 · References 27

RedhatCVE
added 2025/06/01 2:47 p.m. · 7 views

CVE-2025-3230

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previous...

5.4 CVSS · 6.9 AI score · 0.00187 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:39 a.m. · 8 views

CVE-2024-31842

An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded ...

8.8 CVSS · 6.2 AI score · 0.00384 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 7:49 a.m. · 11 views

CVE-2019-13337

In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter accesstoken (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic authentication is...

7.5 CVSS · 7.1 AI score · 0.01405 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/05/06 12:0 a.m. · 6 views

PT-2025-20553 · Ubiquiti · Unifi Protect Application

Name of the Vulnerable Software and Affected Versions: Unifi Protect Application versions 5.3.41 and earlier
Description: The issue is related to a misconfigured access token mechanism in the Share Livestream feature of the Unifi Protect Application. This could allow an unauthorized user to...

4.9 CVSS · 4.6 AI score · 0.00297 EPSS
Exploits 0 · References 8

RedhatCVE
added 2025/02/08 4:52 a.m. · 6 views

CVE-2025-24805

Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted...

8.5 CVSS · 6.6 AI score · 0.00333 EPSS
Exploits 1 · References 1

Vulnrichment
added 2023/01/02 9:49 p.m. · 7 views

CVE-2022-3994 Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...

4.6 AI score · 0.00771 EPSS
Exploits 1 · References 1

OSV
added 2021/09/27 7:15 a.m. · 6 views

CVE-2021-41580

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants...

5.3 CVSS · 5.3 AI score
Exploits 0 · References 3