23 matches found
PT-2026-41983
Name of the Vulnerable Software and Affected Versions BYD Atto3 affected versions not specified Description An attacker can obtain a permanently available authentication key through a Brute Force attack. This key allows unauthorized flashing of the Electronic Parking Break EPB and Supplemental...
CVE-2026-34362
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...
CVE-2026-34362 AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket()
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...
CVE-2026-34362
WWBN AVideo (versions up to 26.0) has a vulnerability in the verifyTokenSocket() function (plugin/YPTSocket/functions.php) where token timeout validation was commented out, allowing WebSocket tokens to never expire despite a 12-hour timeout. This enables captured or legitimately obtained tokens t...
CVE-2026-34362 AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket()
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...
Malicious code in @pumpfun-ipfs/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21604418f7961773b23e7b3544ca95874cba1432a87ae6d4127531e651133f78 The package @pumpfun-ipfs/sdk was found to contain malicious code. Source: ghsa-malware...
CVE-2026-33124
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...
CVE-2025-69414
Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...
CVE-2025-69414
Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...
CVE-2025-69414
Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...
CVE-2025-69414
Plex Media Server (PMS) shows token leakage vulnerabilities across multiple CVEs. Specifically, CVE-2025-69414 (PMS up to 1.42.2.10156) allows retrieval of a permanent access token via /myplex/account using a transient token. OpenVAS notes PMS
Plex media server 安全漏洞
Plex media server is a media player from Plex. A security vulnerability exists in Plex Media Server version 1.42.2.10156 and earlier, which stems from a permanent access token that can be retrieved via a transient access token call to /myplex/account, which could lead to an access token disclosur...
MAL-2025-48168 Malicious code in redirect-hi5ag9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e49ecc050fdd447aea90673eeb66d24b8178995afbb51a3b4a91d40d83bc7dcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in redirect-r0ajvl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73f65474e74843585524ba438a44b128929068f1e44a755666386073a02d0b16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sparo-real-repo-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93d18b364aaf7362713190f03898dae9466135f12296f1c8384d269df6910bc2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/officia-facilis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1ea7f442083820e7d02fbc7c5f8e0b324d07d78d16cafd481a9a6f9396bd5e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform
Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform GCP that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account. Dubbed GhostToken by Israeli cybersecurity startup Astrix Security,...
CVE-2021-29012
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid temporarily during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus...
Design/Logic Flaw
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid temporarily during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus...
CVE-2021-29012
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid temporarily during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus...