15 matches found
CVE-2025-62166
FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, due to a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...
EUVD-2025-208443
FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, due to a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...
EUVD-2021-2354
Malware in sbrugna...
EUVD-2017-12335
Malware in sbrugna...
CVE-2021-43786
NodeBB is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible...
Validation Bypass
github.com/nodebb/nodebb is vulnerable to validation bypass. A malicious user is able to gain master token access to the API due to incorrect token verification logic, resulting in unauthorized access to sensitive information...
CVE-2021-43786
NodeBB is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible...
Code injection
NodeBB is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible...
CVE-2021-43786
NodeBB is affected by CVE-2021-43786 due to incorrect logic in the token verification step, which could allow a master token to access the API. A fix is available in v1.18.5; upgrading to that version (or later) is advised. The vulnerability affects the API authentication pathway and is ...
NodeBB authorization issue vulnerability
NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An authorization issue vulnerability exists in NodeBB, which stems from a faulty token authentication logic in the product, and could be exploited...
Milwaukee ONE-KEY Android mobile application trust management vulnerability
Milwaukee ONE-KEY Android mobile application is an automation tool control program based on the Android platform from Milwaukee Tool. A security vulnerability exists in the Milwaukee ONE-KEY Android mobile application, which originates from the program storing the master token in plaintext in the...
Code injection
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary...
CVE-2017-3214
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary...
CVE-2017-3214
The CVE-2017-3214 entry concerns the Milwaukee ONE-KEY Android app, where the master token is stored in plaintext inside the APK binary. Connected sources corroborate this as part of a broader set of findings in IoT security testing: the master credentials are needed to obtain a bearer token, whi...
CVE-2017-3214
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary...