40 matches found
CVE-2026-4617
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/apipatientcheckin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It i...
EUVD-2026-1860
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...
GHSA-2PHV-J68V-WWQX pnpm vulnerable to Command Injection via environment variable substitution
Summary: A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution (RCE) in build environments...
EUVD-2017-18920
Valve's Source SDK source-sdk-2013's ragdoll model parsing logic contains a stack-based buffer overflow vulnerability. The tokenizer function nexttoken copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When ParseKeyValue processes a collisionpa...
CVE-2025-55696 NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability
...
EUVD-2011-5144
Malware in sbrugna...
CVE-2025-9485
CVE-2025-9485 is an authentication-bypass flaw in the WordPress plugin “OAuth Single Sign On – SSO (OAuth Client)” up to v6.26.12. The root cause is improper verification of cryptographic signatures due to unsafe JWT handling in get_resource_owner_from_id_token, enabling unauthenticated attackers...
Linux Distros Unpatched Vulnerability : CVE-2020-18780
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Use After Free vulnerability in function newToken in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command...
Use of Hard-coded Password
Overview: Affected versions of this package are vulnerable to Use of Hard-coded Password via the NewToken function. An attacker can gain unauthorized access to sensitive information by exploiting the use of a hard-coded password in the JSON Web Token handling process. Remediation: There is no fixed...
A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
...
CVE-2023-51258
A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the newToken function in the modules/preprocs/nasm/nasm-pp:1512...
PT-2024-14080
Name of the Vulnerable Software and Affected Versions: YASM version 1.3.0 Description: A memory leak issue allows a local attacker to cause a denial of service via the new Token function in the modules/preprocs/nasm/nasm-pp file. Recommendations: For YASM version 1.3.0, as a temporary workaround,...
UBUNTU-CVE-2023-42366
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the nexttoken function at awk.c:1159...
CVE-2023-42366
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the nexttoken function at awk.c:1159...
PT-2023-7297 · Busybox +1
Name of the Vulnerable Software and Affected Versions: BusyBox version 1.36.1 Description: A heap-buffer-overflow issue was discovered in the next token function at awk.c:1159. This issue is related to writing beyond the buffer boundaries. Exploitation of this issue may allow an attacker to cause...
SUSE CVE-2020-18780
A Use After Free vulnerability in function newToken in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command...
PT-2023-11507 · Nasm +2
Name of the Vulnerable Software and Affected Versions: nasm version 2.14.02 Description: A Use After Free issue in the new Token function in asm/preproc.c allows attackers to cause a denial of service via a crafted nasm command. Recommendations: For nasm version 2.14.02, consider disabling the ne...
Nasm Resource Management Error Vulnerability
Nasm is an open source programming tool by the Nasm Development Team. A security vulnerability exists in Nasm version 2.14.02, which stems from a use-after-free in the newToken function of asm/preproc.c. The vulnerability is caused by the use of the newToken functi...
AZL-35387 CVE-2023-29581 affecting package yasm 1.3.0-17
yasm 1.3.0.55.g101bc has a segmentation violation in the function deleteToken at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to ...
PT-2023-22321 · Yasm +1
Name of the Vulnerable Software and Affected Versions: yasm version 1.3.0.55.g101bc Description: The issue is related to a segmentation violation in the delete Token function at modules/preprocs/nasm/nasm-pp.c. Although this could potentially make a libyasm application unavailable if exploited, t...