EUVD-2026-29944
ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...
CVE-2026-42961
ELECOM wireless LAN access point devices are affected by CVE-2026-42961 due to inadequate CSRF token handling. An authenticated user viewing a malicious page could trigger unintended operations. CVSS metrics in the sources show MEDIUM severity (CVSS3.0: 4.3; CVSS4.0: 5.1) with Network access and ...
CVE-2026-42961
ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...
CVE-2026-31643
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak. In rxrpc_preparse_xdr_yfs_rxgk, the memory attached to token->rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "reject_token:" case...
CVE-2026-31610
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc. The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbd_decode_negTokenInit reaches the mechToken [2] OCTET STRING...
PT-2026-34995
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak. In rxrpc_preparse_xdr_yfs_rxgk, the memory attached to token->rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "reject_token:" case...
DNS Rebinding
Overview: copilot-api is a server that turns GitHub Copilot into an OpenAI/Anthropic API compatible endpoint, usable with Claude Code. Affected versions of this package are vulnerable to DNS Rebinding in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header...
JLSEC-2026-94
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015
This module enables you to protect web forms from automated spam by requiring users to pass a challenge. The module doesn't sufficiently invalidate used security tokens under certain scenarios, which can lead to the CAPTCHA being bypassed on subsequent submissions. This vulnerability is mitigated...
AliasVault security vulnerability
AliasVault is an open-source password manager developed by AliasVault. Versions of AliasVault prior to 0.25.3 contained a security vulnerability. This vulnerability stemmed from incorrect handling of parameters such as accessToken, refreshToken, metadata, keyderivationparams, and authMethods in t...
CVE-2023-40021
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2025-15107
A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of a hard-coded cryptographic key. The attack is...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988779)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988779 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is...
EUVD-2016-7919
Malware in sbrugna...
EUVD-2021-26683
Malware in sbrugna...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-386412)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-386412 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: assign irq bypass producer token correctly. We used to call irq_bypass_unregister_producer...
EUVD-2023-2806
Malicious code in bioql PyPI...
Papermerge DMS authorization issue vulnerability
Papermerge DMS is a document management system from Papermerge DMS open source. An authorization issue vulnerability exists in Papermerge DMS 3.5.3 and prior versions, which stems from improper handling of authorization tokens and can lead to unauthorized access...
CVE-2021-3352
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access, view and modify user data without authorization due to improper handling of tokens...
PT-2025-17613 · Unknown · Meon Kyc Solutions
Name of the Vulnerable Software and Affected Versions: Meon KYC solutions, affected versions not specified. Description: The issue arises from improper handling of access and refresh tokens in certain API endpoints of the authentication process. A remote attacker could exploit this by intercepting...