Lucene search
K

289 matches found

Snyk
Snyk
added 2026/01/29 10:4 p.m.4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the OCI image pull process. An attacker can obtain sensitive authentication credentials by crafting a malicious registry that returns a WWW-Authenticate header redirecting token authentication to...

6.9CVSS5.9AI score0.00336EPSS
Exploits0References2
CVE
CVE
added 2026/01/29 9:2 p.m.19 views

CVE-2026-24845

CVE-2026-24845 affects the malcontent tool. The advisory describes that versions prior to 1.20.3 (starting with 0.10.0) could exfiltrate Docker registry credentials when scanning certain OCI image references. The vulnerability stems from malcontent using google/go-containerregistry for OCI image ...

6.5CVSS5.9AI score0.00336EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/29 2:28 p.m.5 views

EUVD-2020-30903

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

8.7CVSS5.9AI score0.00456EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/22 10:50 p.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of JWT authentication middleware and RBAC authorization checks in the routing configuration for /api/v1/jobs endpoint. An attacker can view, update, and delete jobs by sending...

9.8CVSS5.6AI score0.00713EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.6 views

PT-2026-4299

Name of the Vulnerable Software and Affected Versions Dragonfly versions 2.4.1-rc.0 through 2.4.1-rc.0 Dragonfly versions 2.x Description Dragonfly Manager's Job API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs. This could lead to...

9.3CVSS5.5AI score0.00713EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

Dragonfly Access Control Vulnerability

Dragonfly is an open-source framework developed by DragonflyDB, capable of dynamically processing any content type. Versions of Dragonfly 2.4.1-rc.0 and earlier contained a access control vulnerability. This vulnerability stemmed from the absence of JWT authentication and RBAC authorization check...

9.8CVSS5.8AI score0.00713EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : pki-core:10.6 (AXSA:2024-8557:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8557:01 advisory. dogtag ca: token authentication bypass vulnerability CVE-2023-4727 Tenable has extracted the preceding description block directly from the MiracleLinux...

7.5CVSS5.6AI score0.00659EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : pki-core-10.5.18-32.el7 (AXSA:2024-8569:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8569:03 advisory. dogtag ca: token authentication bypass vulnerability CVE-2023-4727 Tenable has extracted the preceding description block directly from the MiracleLinux...

7.5CVSS5.6AI score0.00659EPSS
Exploits0References2
OSV
OSV
added 2026/01/10 2:57 a.m.6 views

CVE-2026-22595 Ghost has Staff Token permission bypass

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...

8.1CVSS6.6AI score0.00494EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

Ghost 安全漏洞

Ghost is a hosting service from Ghost Open Source. A security vulnerability in Ghost versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3 stems from a flaw in the way Ghost handles staff token authentication, which could lead to improper access to certain endpoints that are restricted to...

8.1CVSS6.4AI score0.00494EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.8 views

CVE-2021-31559

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders...

7.5CVSS7.1AI score0.00833EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/08 2:12 p.m.12 views

ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS5.7AI score0.00389EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.418 views

📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection

Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection the webhook configuration feature...

9.9CVSS7.8AI score0.05995EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/11/28 2:54 a.m.8 views

CVE-2025-34351

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...

9.3CVSS8.1AI score0.00474EPSS
Exploits5References1
Github Security Blog
Github Security Blog
added 2025/11/27 3:30 a.m.32 views

Ray's New Token Authentication is Disabled By Default

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...

8.2AI score0.00474EPSS
Exploits5References10Affected Software1
OSV
OSV
added 2025/11/27 3:30 a.m.4 views

GHSA-GX77-XGC2-4888 Ray's New Token Authentication is Disabled By Default

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...

9.3CVSS8.1AI score0.00474EPSS
Exploits5References10
NVD
NVD
added 2025/11/27 3:15 a.m.7 views

CVE-2025-34351

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. At the request of the MITRE TL-Root and following the CVE Program’s Dispute Policy, it has been determined that this assignment did not identify a valid vulnerability based on the vendor's product security...

0.00474EPSS
Exploits5
EUVD
EUVD
added 2025/11/27 2:45 a.m.10 views

EUVD-2025-199783

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...

9.3CVSS7.6AI score0.00474EPSS
Exploits5References4
CVE
CVE
added 2025/11/27 2:45 a.m.24 views

CVE-2025-34351

CVE-2025-34351 is rejected/not used per the CVE Numbering Authority; not a valid vulnerability entry.

7.8AI score0.00474EPSS
Exploits5
Cvelist
Cvelist
added 2025/11/27 2:45 a.m.11 views

CVE-2025-34351

...

0.00474EPSS
Exploits5
Rows per page
Query Builder