Lucene search
K

8 matches found

EUVD
EUVD
added 2026/05/15 6:45 p.m.11 views

EUVD-2026-30585

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's adminid. This can...

8.1CVSS5.8AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 2:12 p.m.30 views

CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...

9.4CVSS0.00287EPSS
Exploits0References4
CVE
CVE
added 2025/12/12 3:10 p.m.16 views

CVE-2025-54981

CVE-2025-54981 affects Apache StreamPark prior to 2.1.7, due to use of AES in ECB mode and a weak RNG for encrypting sensitive data such as JWT tokens. This weak encryption could lead to exposure of confidential data. The vulnerability is documented across multiple sources (NVD, Red Hat, OSV, CNV...

7.5CVSS6.7AI score0.00216EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/10/28 8:53 p.m.5 views

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

3.8CVSS6.8AI score0.00116EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0827

Malicious code in bioql PyPI...

4.6CVSS6.4AI score0.00594EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2023-2349

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00324EPSS
Exploits0References4
OSV
OSV
added 2025/02/28 2:34 a.m.1 views

GHSA-PWHH-Q4H6-W599 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Summary The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cachehandler.pyL93-L98 The file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. I think 600 is ...

8.4CVSS6.9AI score0.00589EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/11/08 12:0 a.m.4 views

PT-2023-30313 · Pilos · Pilos

Name of the Vulnerable Software and Affected Versions: PILOS versions prior to 2.3.0 Description: The password reset component in PILOS uses the hostname supplied within the request host header when building a password reset URL. This could allow manipulation of the URL sent to PILOS users,...

8.8CVSS8.3AI score0.00599EPSS
Exploits0References6
Rows per page
Query Builder