43 matches found

Source: NVD (added 2 days ago, 9 views)

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

CVSS: 6.5 | EPSS: 0.00249
Exploits: 0 | References: 1
Source: Cvelist (added 2 days ago, 34 views)

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

EPSS: 0.00249
Exploits: 0 | References: 1
Source: CVE (added 2 days ago, 13 views)

CVE-2026-13437

CVE-2026-13437 affects Devolutions PowerShell Universal 2026.2.0. An attacker with AI Agent read access can exploit the AI Agent job API to receive App Tokens serialized in plaintext within API responses, enabling retrieval of reusable authentication tokens with potential higher privilege. The un...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00249
Exploits: 0 | References: 1 | Affected Software: 1
Source: CVE (added 5 days ago, 14 views)

CVE-2026-52783

OpenProject stores OneDrive/SharePoint userless OAuth access_token in plaintext in Rails.cache within the Storages module prior to versions 17.3.3 and 17.4.1. None of the allowed backends (file_store, memcache, redis) encrypts data at rest. An attacker with read access to the cache can retrieve t...

CVSS: 8.2 | AI score: 5.6 | EPSS: 0.00129
Exploits: 0 | References: 1
Source: CVE (added 2026/06/11 6:55 p.m., 12 views)

CVE-2026-46622

SolidInvoice before v2.3.17 stores API tokens in plaintext in the api_tokens database table. If an attacker gains read access to the database (e.g., via SQL injection, leaked backups, misconfigured replicas, or insider access), they can immediately obtain all API credentials for every user with n...

CVSS: 8.1 | AI score: 5.5 | EPSS: 0.00197
Exploits: 0 | References: 3
Source: RedhatCVE (added 2026/06/05 7:25 p.m., 11 views)

CVE-2026-44479

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.0016
Exploits: 0 | References: 1
Source: Vulnrichment (added 2026/06/04 12:00 a.m., 12 views)

CVE-2026-36176

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

AI score: 5.8 | EPSS: 0.00103
Exploits: 0 | References: 3
Source: CNNVD (added 2026/05/28 12:00 a.m., 11 views)

Tigera Calico security vulnerability

Tigera Calico is an open-source network security solution developed by the American company Tigera, designed for container, virtual machine, and host workloads. Tigera Calico has a security vulnerability, which stems from the Azure IPAM plugin recording unencrypted configuration mappings in logs...

CVSS: 6 | AI score: 5.8 | EPSS: 0.00323
Exploits: 0 | References: 4
Source: Vulnrichment (added 2026/04/21 9:16 p.m., 4 views)

CVE-2026-40945 Oxia: Bearer token exposed in debug log messages on authentication failure

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00308
Exploits: 0 | References: 1
Source: CNNVD (added 2026/04/17 12:00 a.m., 8 views)

Sparx Enterprise Architect security vulnerability

Sparx Enterprise Architect is a modeling and design tool developed by the Australian company Sparx. There is a security vulnerability in Sparx Enterprise Architect, which stems from insufficient credential protection, allowing the client to potentially disclose the plaintext OAuth2 client token...

CVSS: 6.2 | AI score: 5.8 | EPSS: 0.00155
Exploits: 0 | References: 1
Source: OSV (added 2026/04/16 10:48 p.m., 3 views)

GHSA-47WQ-CJ9Q-WPMP Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys

Isolated paperclip instance running in authenticated mode (default config) on a clean Docker image matching commit b649bd4 (2026.411.0-canary.8), post the 2026.410.0 patch. This advisory was verified on an unmodified build. Summary: POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE...

CVSS: 9.9 | AI score: 6
Exploits: 0 | References: 2
Source: CNNVD (added 2026/04/15 12:00 a.m., 9 views)

Splunk MCP Server security vulnerability

The Splunk MCP Server is a multi-cloud platform server provided by the American company Splunk. Versions of the Splunk MCP Server app prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the storage of plaintext sessions and authorization tokens, which could allow...

CVSS: 7.2 | AI score: 6 | EPSS: 0.00278
Exploits: 0 | References: 1
Source: RedhatCVE (added 2026/03/26 3:11 p.m., 1 view)

CVE-2026-32598

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00235
Exploits: 1 | References: 1
Source: CNNVD (added 2026/03/09 12:00 a.m., 7 views)

Multiple MBS products security vulnerability

MBS UBR-01 Mk II, etc., are products of the German MBS company. The MBS UBR-01 Mk II is a remote base station device. The MBS UBR-02 is also a remote base station device. The MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00318
Exploits: 0 | References: 2
Source: Veracode (added 2026/01/05 6:33 a.m., 5 views)

Authentication Bypass

Signal K Server is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of WebSocket server events and access-request status endpoints, which allows an attacker to enumerate request IDs and poll their status to steal plaintext JWT tokens and fully hijack...

CVSS: 9.1 | AI score: 7 | EPSS: 0.00492
Exploits: 1 | References: 4 | Affected Software: 1
Source: Veracode (added 2025/12/13 4:25 a.m., 8 views)

Information Disclosure

Jenkins OpenShift Pipeline Plugin is vulnerable to sensitive information exposure. The vulnerability is due to storing authorization tokens in plaintext within job config.xml files, where the plugin fails to encrypt or securely protect authentication tokens used for OpenShift access, and allows...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00179
Exploits: 0 | References: 3 | Affected Software: 1
Source: Veracode (added 2025/12/13 4:20 a.m., 7 views)

Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to Sensitive Information Exposure. The vulnerability is due to storing API tokens in plaintext within job config.xml files, where the plugin does not encrypt or otherwise protect secret values, and allows attackers with Item/Extended Read...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00158
Exploits: 0 | References: 3 | Affected Software: 1
Source: EUVD (added 2025/11/07 6:30 p.m., 4 views)

EUVD-2025-38291

In pig-mesh Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...

CVSS: 9.6 | AI score: 6.2 | EPSS: 0.00331
Exploits: 1 | References: 3
Source: OSV (added 2025/11/07 4:15 p.m., 4 views)

CVE-2025-63691

In pig-mesh Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...

CVSS: 9.6 | AI score: 6.6
Exploits: 0 | References: 2
Source: Vulnrichment (added 2025/11/07 12:00 a.m., 2 views)

CVE-2025-63691

In pig-mesh Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...

AI score: 6.3 | EPSS: 0.00331
Exploits: 1 | References: 2