Lucene search
K

15 matches found

Snyk
Snyk
added 2026/03/05 9:13 p.m.3 views

Use of GET Request Method With Sensitive Query Strings

Overview Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the c.IsTokenAuth checks in API routes. An attacker can obtain sensitive access tokens by inspecting URL parameters in logs, browser history, or referrer headers. Remediation...

7.2CVSS5.8AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-4629

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00927EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:35 a.m.8 views

CVE-2019-16751

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

6.1CVSS5.8AI score0.00927EPSS
Exploits1References1
Prion
Prion
added 2023/09/07 11:15 p.m.24 views

Design/Logic Flaw

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored inkubectl.kubernetes.io/last-applied-configuration annotation. pull request 7139 introduced the ability ...

5.5CVSS9.1AI score0.00975EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/05/24 4:56 p.m.39 views

GHSA-MVQR-R76C-WM5F Devise Token Auth vulnerable to Cross-site Scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

6.1CVSS5.8AI score0.00927EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/24 4:56 p.m.19 views

Devise Token Auth vulnerable to Cross-site Scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

6.1CVSS5.8AI score0.00927EPSS
Exploits1References4Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.35 views

Devise Token Auth vulnerable to Cross-site Scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

6.1CVSS4.7AI score0.00927EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/22 12:0 a.m.5 views

PT-2021-2690 · Openvpn +5 · Openvpn +5

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.5.1 and earlier Description: The issue allows a remote attacker to bypass authentication and access control channel data on servers configured with deferred authentication. This can potentially be used to trigger further...

9.8CVSS7.8AI score0.05539EPSS
Exploits4References83
NVD
NVD
added 2019/09/24 6:15 p.m.17 views

CVE-2019-16751

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

6.1CVSS5.9AI score0.00927EPSS
Exploits1References1
OSV
OSV
added 2019/09/24 6:15 p.m.15 views

CVE-2019-16751

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

6.1CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2019/09/24 6:15 p.m.20 views

Cross site scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

4.3CVSS5.8AI score0.00927EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/24 5:14 p.m.15 views

CVE-2019-16751

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

5.9AI score0.00927EPSS
Exploits1References1
CVE
CVE
added 2019/09/24 5:14 p.m.76 views

CVE-2019-16751

Devise Token Auth (through 1.1.2) is affected by a Reflected XSS in the omniauth failure endpoint, specifically via the message parameter in the fallback_render method of the omniauth callbacks controller. Unauthenticated attackers can craft a URL to execute malicious JavaScript in a victim’s bro...

6.1CVSS5.8AI score0.00927EPSS
Exploits1References1Affected Software1
Kitploit
Kitploit
added 2016/04/12 10:30 p.m.43 views

FruityWifi v2.4 - Wireless Network Auditing Tool

FruityWifi is a wireless network auditing tool. The application can be installed in any Debian based system adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM Raspberry Pi, Raspbian Raspberry Pi, Pwnpi Raspberry Pi, Bugtraq. v2.4 Utils have been added replaces "ifconfig -a"...

7.5AI score
Exploits0References1
Oracle linux
Oracle linux
added 2015/03/11 12:0 a.m.63 views

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

4.3CVSS0.1AI score0.18351EPSS
Exploits1
Rows per page
Query Builder