603 matches found
CVE-2025-12623
CVE-2025-12623 affects the fushengqian fuint system, specifically the code path in fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java (Authentication Token Handler). The Red Hat/NVD entries describe an authorization bypass that can be triggered remotel...
CVE-2025-36249
IBM Jazz for Service Management versions 1.1.3.0–1.1.3.25 do not set the Secure attribute on authorization tokens or session cookies, enabling potential cookie theft via http links or injected sites. Remediation per IBM/Red Hat entries: upgrade to JazzSM 1.1.3.26 (1.1.3-TIV-JazzSM-multi-FP026). A...
CVE-2024-13999
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory AD or LDAP authentication token to an authenticated user. Exposure of the server’s AD/LDAP token could allow domain-wide authentication misuse, escalation of privileges, or further compromi...
PT-2025-44424
Name of the Vulnerable Software and Affected Versions 2nd Line Android App versions v1.2.92 and earlier Description The 2nd Line Android App has an issue with how it controls access during authentication. The server only checks the first character of the user token, which allows attackers to gues...
CVE-2025-60425
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...
Oxford Nanopore Technologies MinKNOW 安全漏洞
Oxford Nanopore Technologies MinKNOW is a data acquisition control and monitoring software from Oxford Nanopore Technologies, UK. A security vulnerability exists in Oxford Nanopore Technologies MinKNOW versions prior to 24.11, which stems from an authentication token stored in the system temporar...
CVE-2025-3930 Lack of JWT Expiration after Log Out in Strapi
Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...
CVE-2025-62176
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-11645
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical...
CVE-2025-62176
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
Mastodon 安全漏洞
Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions prior to 4.4.6, prior to 4.3.14, and prior to 4.2.27, which stems from an event where the stream server accepts service for a public timeline usin...
CVE-2025-11645
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical...
CVE-2025-11645
CVE-2025-11645 (Tomofun Furbo Mobile App) affects Android versions up to 7.57.0a, arising from insecure storage in the Authentication Token Handler. The issue may allow information disclosure on a physical device; the exploit has been publicly disclosed. Multiple connected sources (including PT-2...
EUVD-2025-33908
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical...
CVE-2025-11645 Tomofun Furbo Mobile App Authentication Token sensitive information
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical...
Tomofun Furbo Mobile App 安全漏洞
Tomofun Furbo Mobile App is a mobile application for pet cameras from Tomofun, a Taiwan, China-based company. A security vulnerability exists in Tomofun Furbo Mobile App version 7.57.0a and prior versions, which originates from the component Authentication Token Handler insecurely storing sensiti...
CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
EUVD-2025-33321
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
EUVD-2021-21454
Malware in sbrugna...
EUVD-2017-9313
Malware in sbrugna...