GHSA-F5C8-M5VW-RMGQ nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

Impact In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoi...

CVE-2025-55278

Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized...

CVE-2025-55278

CVE-2025-55278 affects HCL DevOps Loop. Concrete details across sources show improper authentication in the API authentication middleware, allowing tokens to be accepted without proper validation of expiration or cryptographic signature. Affected component is the API authentication layer; root ca...

Malicious code in axp-api-middleware (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-1795 Malicious code in axp-api-middleware (npm)

--- -= Per source details. Do not edit below this line.=-...