Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-28239

Malicious code in bioql PyPI...

9.8CVSS8.8AI score0.01EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/20 7:52 p.m.42 views

CVE-2022-39304 ghinstallation returns app JWT in error responses

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...

5CVSS5.5AI score0.00382EPSS
Exploits1References4
NVD
NVD
added 2021/10/04 7:15 p.m.20 views

CVE-2021-41100

Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of...

9.8CVSS0.01EPSS
Exploits0References1
OSV
OSV
added 2021/10/04 7:15 p.m.18 views

CVE-2021-41100

Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of...

9.8CVSS9.8AI score
Exploits0References1
CVE
CVE
added 2021/10/04 6:25 p.m.50 views

CVE-2021-41100

CVE-2021-41100 affects Wire-server (Wire’s backing server). A short-lived session token in the Authorization header can be used to change a user’s email, which may enable account takeover due to subsequent password changes. Public details indicate that Version 2021-08-16 and later added a new end...

9.8CVSS9.1AI score0.01EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/04 6:25 p.m.22 views

CVE-2021-41100 Account takeover when having only access to a user's short lived token in wire-server

Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of...

7.4CVSS10AI score0.01EPSS
Exploits0References1
Rows per page
Query Builder