Lucene search
K

595 matches found

Cvelist
Cvelist
added 2026/01/21 9:18 p.m.18 views

CVE-2026-22808 Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability

fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token FLEET::authtoken from localStorage...

5.5CVSS0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/21 9:18 p.m.4 views

CVE-2026-22808 Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability

fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token FLEET::authtoken from localStorage...

5.5CVSS5.5AI score0.00209EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.7 views

PT-2026-3770

Name of the Vulnerable Software and Affected Versions Dataease versions prior to 2.10.19 Description Dataease, an open source data visualization analysis tool, is susceptible to an account takeover issue. The tool utilizes the MD5 hash of a user’s password as the JWT signing secret. This...

9.8CVSS5.4AI score0.00475EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.6 views

PT-2026-3748

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.78.2 Fleet versions 4.53.3 through 4.77.1 Fleet versions 4.75.2 Fleet versions 4.76.2 Description Fleet, an open-source device management software, contains a cross-site scripting XSS flaw in its Windows MDM...

5.5CVSS5.1AI score0.00209EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/01/18 2:26 a.m.12 views

CVE-2026-0519

In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system...

4.6CVSS6.9AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2026/01/17 2:15 a.m.5 views

CVE-2026-0519

In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system...

3.4CVSS5.8AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/01/17 2:15 a.m.10 views

CVE-2026-0519

In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system...

4.6CVSS0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/17 1:13 a.m.6 views

EUVD-2026-3161

In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system...

4.6CVSS6.5AI score0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/01/17 1:13 a.m.13 views

CVE-2026-0519

CVE-2026-0519 : In Secure Access 12.70 and earlier than 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. This could allow any party with access to those logs to read the token and reuse it to access an integrated system. The provided ...

4.6CVSS6.6AI score0.0012EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/17 1:13 a.m.22 views

CVE-2026-0519 Information Disclosure in Secure Access Between 12.70 and 14.20

In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system...

4.6CVSS0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/16 2:23 p.m.7 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

7.5CVSS7.1AI score0.00478EPSS
Exploits0References1
NVD
NVD
added 2026/01/15 2:16 p.m.6 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

7.5CVSS0.00478EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/15 1:14 p.m.4 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

7.5CVSS5.5AI score0.00478EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/15 1:14 p.m.22 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

5.3CVSS0.00478EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 4 : sssd-1.5.1-34.AXS4.3 (AXSA:2011-634:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-634:01 advisory. Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a...

2.1CVSS5.5AI score0.00486EPSS
Exploits0References2
OSV
OSV
added 2026/01/12 4:12 p.m.9 views

GHSA-2MQ9-HM29-8QCH Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

Prologue These vulnerabilities have been found and chained by DCODX-AI. Validation of the exploit chain has been confirmed manually. Summary A persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one wh...

8.6CVSS6.3AI score0.00207EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.10 views

CVE-2023-40343

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...

5.9CVSS6.9AI score0.00494EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:35 a.m.21 views

CVE-2017-18178

Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1...

6.1CVSS6.9AI score0.02338EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.22 views

CVE-2022-23555

authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...

9.4CVSS6.6AI score0.00884EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.8 views

CVE-2019-12421

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...

8.8CVSS7AI score0.01846EPSS
Exploits0References1
Rows per page
Query Builder