Lucene search
K

11 matches found

OSV
OSV
added 2026/06/25 10:29 p.m.6 views

MAL-2026-6487 Malicious code in velocityfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c937a54c3629f80fb7b92fbdafda502706b6028b43bc4675eb30c55d9bc059e9 Package masquerades as 'Performance fixes for Minecraft Velocity proxy' authored by 'Velocity Team' — Velocity is a Java project from PaperMC and has...

5.8AI score
Exploits0References6
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.35 views

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS0.00286EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36485

Name of the Vulnerable Software and Affected Versions V2Board versions prior to 1.7.5 Description The server authentication token is accepted via a GET parameter in the app/Http/Controllers/Server/UniProxyController.php file. This causes the token to be exposed in URLs, such as the endpoint...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.5 views

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/01 12:0 a.m.5 views

EUVD-2026-26668

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References2
CVE
CVE
added 2026/05/01 12:0 a.m.14 views

CVE-2026-37504

Affected software/versions: V2Board, prior to 1.7.5. Root cause: The server authentication token is accepted via a GET parameter in app/Http/Controllers/Server/UniProxyController.php, causing the token to appear in URLs like /api/v1/server/UniProxy/user?token=SECRET and be recorded in logs, histo...

7.5CVSS5.8AI score0.00286EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-26791

Malware in sbrugna...

5.4CVSS5.5AI score0.00331EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/06/10 2:36 p.m.4 views

freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...

8.8CVSS5.8AI score0.00667EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/10 2:28 p.m.4 views

freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...

8.8CVSS5.8AI score0.00667EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/10 2:24 p.m.5 views

freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...

8.8CVSS5.8AI score0.00667EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/10 2:13 p.m.8 views

freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...

8.8CVSS5.8AI score0.00667EPSS
Exploits0References5
Rows per page
Query Builder