Lucene search
K

289 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3142

Malicious code in bioql PyPI...

8.7CVSS5.4AI score0.01048EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1966

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01129EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-3999

Malicious code in bioql PyPI...

8.7CVSS6.4AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2023-2786

Malicious code in bioql PyPI...

5.9CVSS6AI score0.0055EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1266

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00542EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-54575

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00659EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/09/11 10:23 p.m.12 views

CVE-2025-59036

Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...

5.5CVSS6.9AI score0.00177EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/10 8:47 p.m.4 views

Improper Validation of Certificate Expiration

Overview infrahub-server is an Infrahub is taking a new approach to Infrastructure Management by providing a new generation of datastore to organize and control all the data that defines how an infrastructure should run. Affected versions of this package are vulnerable to Improper Validation of...

5.5CVSS6.9AI score0.00177EPSS
Exploits0References2
OSV
OSV
added 2025/09/10 8:47 p.m.9 views

GHSA-V2P7-4PV4-3WWH Infrahub: Deleted and expired API tokens can still authenticate

Impact A bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. Patches This issue is fixed in versions 1.3.9 and 1.4.5 Workarounds...

5.5CVSS7AI score0.00177EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36994

Name of the Vulnerable Software and Affected Versions: Infrahub versions prior to 1.3.9 Infrahub versions prior to 1.4.5 Description: Infrahub provides a central hub for managing data, templates, and playbooks. A flaw in the authentication logic allows deleted or expired API tokens to be consider...

5.5CVSS6.4AI score0.00177EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-22904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in...

7.5CVSS6.8AI score0.04808EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2025/06/26 12:0 a.m.107 views

📄 Mouselink 5.0.1 Remote System Control

Mouselink version 5.0.1 allows remote attackers to control system functions shutdown, restart, sleep, logout. By default, no password is configured, allowing an attacker to obtain a valid JWT token and invoke privileged /api/PCControl/ endpoints, leading to unauthorized system operations. Exploit...

7.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.10 views

CVE-2023-30525

A cross-site request forgery CSRF vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...

8.8CVSS6.8AI score0.0078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/16 4:9 p.m.9 views

CVE-2025-47781

Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the...

9.8CVSS7.3AI score0.00534EPSS
Exploits1References1
NVD
NVD
added 2025/05/14 4:15 p.m.18 views

CVE-2025-47781

Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the...

9.8CVSS0.00534EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.5 views

PT-2025-21179 · Rallly · Rallly

Name of the Vulnerable Software and Affected Versions: Rallly versions up to and including 3.22.1 Description: The issue concerns the token-based authentication mechanism in Rallly, an open-source scheduling and collaboration tool. When a user attempts to log in, a 6-digit code is sent to their...

9.8CVSS6.5AI score0.00534EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.5 views

PT-2025-21029 · Zkt · Zkbio Cvsecurity

Name of the Vulnerable Software and Affected Versions: ZKT ZKBio CVSecurity version 6.4.1 R Description: An unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. Recommendations: For ZKT ZKBio CVSecurity version 6.4.1 R, update the softwar...

9.8CVSS6.5AI score0.003EPSS
Exploits1References4
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.11 views

pki-core security update

An update is available for module.pki-core, module.ldapjdk, resteasy, jss, tomcatjss, ldapjdk, module.jss, module.resteasy, module.tomcatjss, pki-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS7.7AI score0.00659EPSS
Exploits0
OSV
OSV
added 2025/05/07 7:11 p.m.5 views

RLSA-2024:4367 Important: pki-core security update

The Public Key Infrastructure PKI Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fixes: dogtag ca: token authentication bypass vulnerability CVE-2023-4727 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.9AI score0.00659EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/07 12:0 a.m.2 views

RockyLinux 8 : pki-core (RLSA-2024:4367)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4367 advisory. dogtag ca: token authentication bypass vulnerability CVE-2023-4727 Tenable has extracted the preceding description block directly from the RockyLinux security...

7.5CVSS7.4AI score0.00659EPSS
Exploits0References3
Rows per page
Query Builder