CVE-2026-54639

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

EUVD-2026-38640

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

CVE-2026-54639

CVE-2026-54639 affects Style Dictionary prior to 5.4.4, with a prototype pollution vulnerability in the convertTokenData utility (versions 4.3.0–4.x before 5.4.4). The impact is high when Style Dictionary is used as a Node.js server integration, moderate for web app integrations, and low for toke...

CVE-2026-54639 Style Dictionary - Prototype Pollution in convertTokenData utility function

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

CVE-2026-46496

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the component. The component allows javascript: URIs in the source attribute, which are executed when the page is...

CVE-2026-46359

phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

CVE-2026-46359

CVE-2026-46359 (phpMyFAQ) affects phpMyFAQ prior to 4.1.2. A SQL injection exists in CurrentUser::setTokenData, allowing authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or J...

PT-2026-41361

phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

GHSA-PM8C-3QQ3-72W7 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields

Summary CurrentUser::setTokenData in phpmyfaq/src/phpMyFAQ/User/CurrentUser.php at lines 515-534 builds a SQL UPDATE statement with sprintf and interpolates OAuth token fields refreshtoken, accesstoken, codeverifier, and jsonencode$token'jwt' without calling $db-escape. Sibling methods...

SQL Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection in the setTokenData function when OAuth token fields are interpolated into a SQL statement without proper escaping. An attacker can execut...

Imperva API Security: Authentication Risk Report—Key Findings & Fixes

An in-depth analysis of common JSON Web Token JWT mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs . Introduction APIs are the backbone of modern digital services—from mobile apps and e-commerce to banking and IoT. That scale and utility also make them pri...

CVE-2023-7192

creationtimestamp| type| source ---|---|--- 2024-01-02 20:27:09+00:00| seen| https://t.me/ctinow/161987 2024-01-03 01:36:24+00:00| seen| https://t.me/cibsecurity/74190 2024-01-22 09:11:16+00:00| seen| https://t.me/ctinow/171039...

Acronis Cyber Protect Security Vulnerability

Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Singapore. It combines backup, anti-malware, network security and endpoint management features such as vulnerability assessment, URL filtering, patch management and more. A security...

CVE-2018-17453

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception...

SUSE CVE-2020-36382

OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service...

Apache Ozone 安全漏洞

Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that allows an attacker to retrieve token data from the database and use it...

CVE-2019-17398

In the Dark Horse Comics application 1.3.21 for Android, token information equivalent to the username and password is stored in the log during authentication, and may be available to attackers via logcat...

UBUNTU-CVE-2011-3885

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets CSS token-sequence data...

KLA10315 Multiple vulnerabilities in SUPERAntiSpyware

Multiple serious vulnerabilities have been found in SUPERAntiSpyware. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code and gain privileges. Below is a complete list of vulnerabilities 1. Unsafe buffers, function parameter handling, unsafe pointe...