CVE-2026-44883 Portainer: JWT accepted in URL query leaks tokens to logs and referers

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

CVE-2026-44883

Summary: Portainer Community Edition versions 2.33.0–2.33.7.x, 2.39.0–2.39.1.x, and 2.40.x prior to 2.41.0 expose JWTs via the ?token= URL query parameter on any authenticated API endpoint, in addition to the Authorization header. Root cause: The authentication middleware accepted the token from ...

Portainer: JWT accepted in URL query leaks tokens to logs and referers

Summary Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token= URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers ...

GHSA-JVP4-Q659-95MJ Portainer: JWT accepted in URL query leaks tokens to logs and referers

Summary Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token= URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers ...

client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

Summary Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. Vulnerable Code javascript //...

CVE-2025-34114

A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy,...

Rockstar Games: Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft.

In this report, the researcher demonstrated a method to chain together separate vulnerabilities that, under certain conditions, could cause a user's Facebook Oauth tokens to leak via the Referer header. In this instance, an Open Redirect vulnerability was utilized to exploit the fact that the ful...

Rockstar Games: Facebook OAuth Code Theft through referer leakage on support.rockstargames.com

In this report, the researcher was able to discover a method to expose and exfiltrate Oauth tokens. This was done by injecting an tag containing a payload pointing to the attacker's own domain into replies of Support Community forum threads. Once this was done, users operating under a particular...

Rockstar Games: Smuggle SocialClub's Facebook OAuth Code via Referer Leakage

In this report, the researcher provided a POC in which they were able to combine two issues to create a condition that potentially could have allowed an attacker to obtain OAuth tokens. One of the issues involved allowing external content to load in our Screenshot Viewer tool; we resolved this...

Heroku the latest vulnerability to cause the hackers can take control of their accounts-vulnerability warning-the black bar safety net

Premise Description: 5 month 2 6 day, the vulnerability has been fixed. Environment Heroku（https://www.heroku.com/there is one called“one click deployment”feature, when you click, it is possible to achieve a bond of the configuration and deployment of third-party components, libraries and...

Factlink: Leaking of password reset token through referer

When we request a password reset link, after that before Writing a new password, Going to an External link would cause Referer leakage... Remote Address:74.125.68.95:443 Request URL:https://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700 Request Method:GET Status Code:200 OK...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 176882 High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. 176252 High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". 172926 172331 High CVE-2013-0904: Memory corruption in Web Audio. Credit to...

CVE-2011-2152

The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for 1 Client/frmViewReports.aspx or 2 UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading a...

CVE-2011-2152

The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for 1 Client/frmViewReports.aspx or 2 UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading a...