Lucene search
K

12 matches found

Snyk
Snyk
โ€ขadded 2026/05/18 9:0 p.m.โ€ข9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
EUVD
EUVD
โ€ขadded 2025/10/03 8:7 p.m.โ€ข5 views

EUVD-2021-8687

Malicious code in bioql PyPI...

8.2CVSS7.4AI score0.01546EPSS
Exploits0References19
RedHat Linux
RedHat Linux
โ€ขadded 2025/05/13 5:18 p.m.โ€ข5 views

golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

A flaw was found in the golang.org/x/oauth2/jws package in the token parsing component. This vulnerability is made possible because of the use of strings.Splittoken, "." to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large...

7.5CVSS7.1AI score0.00804EPSS
Exploits0References7
RedHat Linux
RedHat Linux
โ€ขadded 2025/03/25 7:18 a.m.โ€ข3 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References7
Vulnrichment
Vulnrichment
โ€ขadded 2025/02/26 3:7 a.m.โ€ข13 views

CVE-2025-22868 Unexpected memory consumption during token parsing in golang.org/x/oauth2

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...

7.4AI score0.00804EPSS
Exploits0References3
OSV
OSV
โ€ขadded 2025/02/24 11:15 p.m.โ€ข8 views

AZL-57207 CVE-2025-27144 affecting package buildah 1.18.0-29

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
Code423n4
Code423n4
โ€ขadded 2022/07/04 12:0 a.m.โ€ข17 views

Zero strike call options can be systemically used to steal premium from the taker

Lines of code Vulnerability details Some non-malicious ERC20 do not allow for zero amount transfers and order.baseAsset can be such an asset. Zero strike calls are valid and common enough derivative type. However, the zero strike calls with such baseAsset will not be able to be exercised, allowin...

6.7AI score
Exploits0
Hacker One
Hacker One
โ€ขadded 2022/05/24 7:37 p.m.โ€ข12 views

Kubernetes: Bypass validation parts in AWS IAM Authenticator for Kubernetes

Multiple bypasses were discovered in AWS IAM Authenticator for Kubernetes. An attacker could craft a token without a signed cluster ID header and use it for replay attacks, manipulate the extracted AccessKeyID to gain higher permissions in the cluster, and send a request to other action values...

7.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/02/17 12:0 a.m.โ€ข10 views

Turbo Safe's can be created with malicious tokens

Lines of code Vulnerability details Impact In TurboMaster.sol the createSafe function is called when the user calls a function with the same name in the TurboRouter.sol file. It then creates a new Turbo Safe with an arbitrary token supplied by the user. Since there is no whitelist of acceptable...

7AI score
Exploits0
Prion
Prion
โ€ขadded 2018/10/18 10:29 p.m.โ€ข16 views

Information disclosure

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication token...

2.1CVSS5.8AI score0.00442EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
โ€ขadded 2005/12/23 1:0 a.m.โ€ข23 views

CVE-2005-4514

The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and...

6.5AI score0.01559EPSS
Exploits0References6
Positive Technologies
Positive Technologies
โ€ขadded 2005/12/23 12:0 a.m.โ€ข6 views

PT-2005-5196 ยท Webwasher ยท Webwasher Csm Appliance Suite

Name of the Vulnerable Software and Affected Versions: Webwasher CSM Appliance Suite version 5.x Description: The encapsulation script mechanism in the affected software uses case-sensitive detection of malicious tokens. This allows attackers to bypass script detection by using tokens that can be...

5CVSS7.2AI score0.01559EPSS
Exploits0References7
Rows per page
Query Builder