Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4002

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...

4.3CVSS5.5AI score0.00163EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 4:43 p.m.45 views

NocoDB: OAuth Tokens Persist Through Security Events

Summary OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details revokeAllOAuthTokensByUser in the users service was an empty stub bein...

6.3CVSS5.5AI score0.00295EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/11 12:16 a.m.6 views

Authorization Bypass Through User-Controlled Key

Overview studiocms is an A Community-Driven Astro native CMS. Built from the ground up by the Astro community. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the DELETE /studiocmsapi/dashboard/api-tokens endpoint. An attacker can revoke AP...

7.1CVSS5.9AI score0.00452EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/11/14 2:11 p.m.17 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

7.1CVSS0.00278EPSS
Exploits1References1
OSV
OSV
added 2024/11/27 10:15 p.m.4 views

DEBIAN-CVE-2024-53858

The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...

6.5CVSS8.5AI score0.00279EPSS
Exploits0References1
OSV
OSV
added 2024/11/27 10:15 p.m.4 views

UBUNTU-CVE-2024-53858

The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...

6.5CVSS7.2AI score0.00279EPSS
Exploits0References5
Prion
Prion
added 2023/12/14 7:15 p.m.14 views

Code injection

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Toke...

4.6CVSS7.3AI score0.00389EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/01/23 9:59 p.m.19 views

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1CVSS7.1AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2014/08/15 12:0 a.m.29 views

CVE-2014-5253

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

4.9CVSS5.9AI score0.01488EPSS
Exploits0References4
Rows per page
Query Builder