
8 matches found

Cvelist
added 2026/05/26 6:23 p.m., 39 views

CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

CVSS 8.8, EPSS 0.0049
Exploits: 0, References: 5
EUVD
added 2026/05/26 6:23 p.m., 15 views

EUVD-2026-31953

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

CVSS 8.8, AI score 5.9, EPSS 0.0049
Exploits: 0, References: 5
Positive Technologies
added 2026/05/26 12:0 a.m., 15 views

PT-2026-43378

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

CVSS 8.8, AI score 5.9, EPSS 0.0049
Exploits: 0, References: 6
OSSF Malicious Packages
added 2026/05/20 2:28 a.m., 11 views

Malicious code in @ikyyofc/gemini-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...

AI score 5.8
Exploits: 0, References: 17
Snyk
added 2026/03/31 11:57 p.m., 7 views

Reliance on Untrusted Inputs in a Security Decision

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the chat.send process. An attacker can inject unauthorized provenance fields by spoofing client identity metadata during the...

CVSS 8.6, AI score 5.9, EPSS 0.00203
Exploits: 0, References: 3
NVD
added 2021/05/28 8:15 a.m., 14 views

CVE-2021-32543

The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity...

CVSS 6.5, EPSS 0.00761
Exploits: 0, References: 2
Prion
added 2021/05/28 8:15 a.m., 15 views

Authentication flaw

The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity...

CVSS 5.5, AI score 5.7, EPSS 0.00761
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2021/05/28 12:0 a.m., 4 views

嘉实资讯 CTS Web transaction system authorization issue vulnerability

CTS Web transaction system is a CTS Web transaction system from Cascade Information Technology, Taiwan. An authorization issue vulnerability exists in the CTS Web transaction system, which stems from an incorrect implementation of authentication-related functionality in the transaction system. A...

CVSS 6.5, AI score 5.8, EPSS 0.00761
Exploits: 0, References: 3