289 matches found
EUVD-2024-3142
Malicious code in bioql PyPI...
EUVD-2023-1966
Malicious code in bioql PyPI...
EUVD-2025-3999
Malicious code in bioql PyPI...
EUVD-2023-2786
Malicious code in bioql PyPI...
EUVD-2023-1266
Malicious code in bioql PyPI...
EUVD-2023-54575
Malicious code in bioql PyPI...
CVE-2025-59036
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
Improper Validation of Certificate Expiration
Overview infrahub-server is an Infrahub is taking a new approach to Infrastructure Management by providing a new generation of datastore to organize and control all the data that defines how an infrastructure should run. Affected versions of this package are vulnerable to Improper Validation of...
GHSA-V2P7-4PV4-3WWH Infrahub: Deleted and expired API tokens can still authenticate
Impact A bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. Patches This issue is fixed in versions 1.3.9 and 1.4.5 Workarounds...
PT-2025-36994
Name of the Vulnerable Software and Affected Versions: Infrahub versions prior to 1.3.9 Infrahub versions prior to 1.4.5 Description: Infrahub provides a central hub for managing data, templates, and playbooks. A flaw in the authentication logic allows deleted or expired API tokens to be consider...
Linux Distros Unpatched Vulnerability : CVE-2021-22904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in...
📄 Mouselink 5.0.1 Remote System Control
Mouselink version 5.0.1 allows remote attackers to control system functions shutdown, restart, sleep, logout. By default, no password is configured, allowing an attacker to obtain a valid JWT token and invoke privileged /api/PCControl/ endpoints, leading to unauthorized system operations. Exploit...
CVE-2023-30525
A cross-site request forgery CSRF vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...
CVE-2025-47781
Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the...
CVE-2025-47781
Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the...
PT-2025-21179 · Rallly · Rallly
Name of the Vulnerable Software and Affected Versions: Rallly versions up to and including 3.22.1 Description: The issue concerns the token-based authentication mechanism in Rallly, an open-source scheduling and collaboration tool. When a user attempts to log in, a 6-digit code is sent to their...
PT-2025-21029 · Zkt · Zkbio Cvsecurity
Name of the Vulnerable Software and Affected Versions: ZKT ZKBio CVSecurity version 6.4.1 R Description: An unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. Recommendations: For ZKT ZKBio CVSecurity version 6.4.1 R, update the softwar...
pki-core security update
An update is available for module.pki-core, module.ldapjdk, resteasy, jss, tomcatjss, ldapjdk, module.jss, module.resteasy, module.tomcatjss, pki-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
RLSA-2024:4367 Important: pki-core security update
The Public Key Infrastructure PKI Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fixes: dogtag ca: token authentication bypass vulnerability CVE-2023-4727 For more details about the security issues, including the impact, a CVSS...
RockyLinux 8 : pki-core (RLSA-2024:4367)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4367 advisory. dogtag ca: token authentication bypass vulnerability CVE-2023-4727 Tenable has extracted the preceding description block directly from the RockyLinux security...