Flask App Builder authorization issue vulnerability
Flask App Builder is a simple and fast application development framework by the individual developer Daniel Vaz Gaspar. An authorization issue vulnerability exists in Flask App Builder versions prior to 4.8.1, which stems from not disabling the password reset feature when using a non-database...
CVE-2025-58761 Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy`
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `real_pms_image_proxy` endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. The `real_pms_image_proxy` i...
Linux Distros Unpatched Vulnerability : CVE-2021-22190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token CVE-2021-22190 Note that Nessus...
CVE-2025-51054
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint...
CVE-2025-51054
Vedo Suite 2024.17 is affected by an Incorrect Access Control vulnerability that lets remote attackers obtain a valid high‑privilege JWT token without authentication by sending an empty POST to the /autologin/ endpoint. The issue’s impact is elevated privileges via a JWT; affected software is Ved...
CVE-2025-0249
HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token was not invalidated which may allow attackers to access sensitive data without authorization...
CVE-2025-0249
CVE-2025-0249 affects HCL IEM with an improper invalidation of access or JWT tokens. The root cause is a token not being invalidated, potentially allowing unauthorized access to sensitive data. Public details in the provided documents indicate information disclosure risk (confidentiality impact) ...
Improper Session Expiration
github.com/filebrowser/filebrowser is vulnerable to Improper Session Expiration. The vulnerability is due to the authentication system issuing long-lived JWT tokens that remain valid even after user logout, which allows an attacker to reuse tokens and gain unauthorized access to user sessions...
File Browser’s insecure JWT handling can lead to session replay attacks after logout
Summary: File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWEs listed in this report for further reference and system standards. In summary, the main issue is: tokens remain valid after logout (session replay)...
GHSA-7XWP-2CPP-P8R7 File Browser’s insecure JWT handling can lead to session replay attacks after logout
Summary: File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWEs listed in this report for further reference and system standards. In summary, the main issue is: tokens remain valid after logout (session replay)...
GHSA-W4XV-MJ6V-P4G2 Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users
Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53678
Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53678
CVE-2025-53678 affects Jenkins User1st uTester Plugin versions 1.1 and earlier. The vulnerability is that the uTester JWT token is stored unencrypted in the plugin’s global configuration file on the Jenkins controller, allowing any user with access to the controller’s filesystem to view the token...
CVE-2025-7080
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwtutils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...
CVE-2025-7079
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebellbackend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...