Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/15 8:36 a.m.13 views

EUVD-2026-36702

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 7:34 p.m.5 views

CVE-2026-34215 Parse Server: Auth data exposed via verify password endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacke...

8.2CVSS5.8AI score0.00303EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.21 views

PT-2026-28610

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.63 Parse Server versions prior to 9.7.0-alpha.7 Description The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attack...

8.2CVSS5.9AI score0.00303EPSS
Exploits0References18
Vulnrichment
Vulnrichment
added 2025/12/19 8:14 p.m.2 views

CVE-2025-68481 FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...

5.9CVSS6.5AI score0.00222EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.7 views

Mattermost Server exposes OAuth personal access tokens to attackers

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens...

8.1CVSS7.3AI score0.00806EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/03/02 12:0 a.m.4 views

JFrog Artifactory 安全漏洞

JFrog Artifactory is an open source general-purpose Artifact repository manager from Israel-based JFrog Jfrog that supports clustering and high-availability Docker registries and provides an end-to-end automation solution for tracking artifacts from development to production.JFrog Artifactory...

5.5CVSS5.8AI score0.00623EPSS
Exploits0References3
Rows per page
Query Builder