6 matches found
CVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2023-47626
iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1...
CVE-2023-47626
CVE-2023-47626 affects iTop (an IT service management platform). The vulnerability is an XSS risk that occurs when displaying/editing a user’s personal tokens; the root cause is improper handling of token-related input in the UI, enabling script execution. A fix is available in iTop v3.1.1 (and l...
CVE-2023-4910
A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...
GHSA-8G9W-5JV6-7M4X Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2020-11033
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to the full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privilege escalation or read/update/delete data normally non...