Lucene search
+L

4 matches found

cve
cve
added 2026/07/08 2:5 p.m.11 views

CVE-2026-10708

CVE-2026-10708 — Summary (Adalo platform) Affected: Adalo’s database API across V1/V2 applications (notably via a minimal leaderboard component). Root cause: Wildcard Cross‑Origin Resource Sharing (CORS), long‑lived JWTs (~20 days) stored client‑side, and absence of token revocation/ownership che...

7.5CVSS6AI score0.00158EPSS
Exploits0References1
github
github
added 2026/04/21 3:0 p.m.11 views

Nginx-UI: Disabled users retain full API access through previously issued bearer tokens

Summary A user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an attacker who already stole a JWT can continue reading and modifying protected...

8.6CVSS5.8AI score0.00274EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2026/04/10 12:0 a.m.11 views

PT-2026-31945

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description Vikunja's link share authentication constructs authorization objects entirely from JWT claims without server-side database validation. When a project owner deletes a link share or downgrades its...

6.5CVSS5.7AI score0.00268EPSS
Exploits1References10
packetstormnews
packetstormnews
added 2025/12/07 12:0 a.m.3 views

Managed TLS under Migration: Authentication Authority across CDN and Hosting Transitions

Managed TLS has become a common approach for deploying HTTPS, with platforms generating and storing private keys and automating certificate issuance on behalf of domain operators. This model simplifies operational management but shifts control of authentication material from the domain owner to t...

6.8AI score
Exploits0
Rows per page
Query Builder