43 matches found
EUVD-2018-2948
Malware in sbrugna...
EUVD-2021-26844
Malware in sbrugna...
EUVD-2011-2333
Malware in sbrugna...
EUVD-2022-45066
Malicious code in bioql PyPI...
EUVD-2022-28957
Malicious code in bioql PyPI...
MAL-2025-15103 Malicious code in authtoken-paypal (npm)
The package authtoken-paypal was found to contain malicious code...
Malicious code in authtoken-paypal (npm)
The package authtoken-paypal was found to contain malicious code...
CVE-2023-41904
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...
CVE-2022-24042
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
Information Disclosure
@sentry/react-native is vulnerable to Information Disclosure. The vulnerability is due to allowing auth tokens to be set in the optional authToken configuration parameter. This flaw potentially leads to Information Disclosure when built into the application bundle and published...
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Impact: SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be...
GHSA-68C2-4MPX-QH95 Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Impact: SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be...
PT-2023-28159 · Zoho · Zoho Manageengine Admanager Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADManager Plus versions prior to 7203 Description: The issue allows 2FA bypass for AuthToken generation in REST APIs. Recommendations: For versions prior to 7203, update to version 7203 or later to resolve the issue. As a...
CVE-2023-0813
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...
Authentication flaw
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...
Siemens Desigo PXC and DXR Devices Insufficient Session Expiration (CVE-2022-24042)
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
CVE-2022-41960 BigBlueButton contains DoS via failed authToken validation
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to validateAuthToken using a victim's userId, meetingId, and an invalid authToken. Th...