Lucene search
+L

10 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-44955

Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install endpoint using hardcoded default stackid and orgid values present in the public source tree...

9.8CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday26 views

CVE-2026-63087 Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint

Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install endpoint using hardcoded default stackid and orgid values present in the public source tree...

9.8CVSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60508

Name of the Vulnerable Software and Affected Versions Grafana OnCall versions prior to 1.16.12 Description An unauthenticated access issue exists where remote attackers can obtain a valid PluginAuthToken by sending a POST request to the internal plugin install endpoint. This is possible by using...

9.8CVSS5.6AI score
Exploits0References6
OSV
OSV
added 2026/04/02 8:46 p.m.10 views

GHSA-MHGQ-XPFQ-6R66 OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes

Summary Unauthenticated plugin-auth HTTP routes receive operator runtime scopes Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still gives auth:"plugin" routes operator WRITESCOPE, but impact should stay limited to plugin routes that actually tou...

8.2CVSS5.9AI score0.00286EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/02 8:46 p.m.9 views

OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes

Summary Unauthenticated plugin-auth HTTP routes receive operator runtime scopes Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still gives auth:"plugin" routes operator WRITESCOPE, but impact should stay limited to plugin routes that actually tou...

8.8CVSS5.9AI score0.00286EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/12 4:29 a.m.2 views

MAL-2025-145489 Malicious code in nightwatch-terser-webpack-plugin-auth-callisto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8330b970ea27a9a8326babaa86a72618b895c2a775a610dbb6a8d80ff93ff11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/04/22 8:49 p.m.5 views

@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-24858 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-24858 Source advisory: OSV:GHSA-F9WG-5F46-CJMW...

6.1CVSS6.3AI score0.0076EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/12/01 6:29 p.m.40 views

Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend

Impact This vulnerability allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but i...

7.4CVSS2.6AI score0.00656EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/11/26 7:15 p.m.50 views

CVE-2021-43776

Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other...

7.4CVSS0.00656EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/11/26 6:15 p.m.60 views

CVE-2021-43776 XSS vulnerability in @backstage/plugin-auth-backend

Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other...

7.4CVSS7.2AI score0.00656EPSS
Exploits0References2
Rows per page
Query Builder