Lucene search
+L

4 matches found

OSV
OSV
added 3 days ago5 views

CVE-2026-46684 DataEase: Unauthorized Command Execution Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilterdoFilter pass X-DE-TOKEN values to TokenUtils.validate, which checks only token presence and length before userBOByTokentoken uses JWT.decode without signature...

9.5CVSS6.1AI score0.00193EPSS
Exploits0References5
Veracode
Veracode
added 2026/04/30 5:2 p.m.13 views

Insertion Of Sensitive Information Into Sent Data

Axios is vulnerable to Insertion of Sensitive Information Into Sent Data. The vulnerability is due to improper use of truthy/falsy evaluation for the withXSRFToken configuration instead of strict boolean checks, which allows an attacker to force XSRF tokens to be sent to malicious cross-origin...

5.4CVSS5.8AI score0.00228EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2026/01/05 11:41 a.m.6 views

Incorrect Authorization

org.apache.streampipes:streampipes-parent is vulnerable to Incorrect Authorization. The vulnerability is due to a flaw in the user ID creation and JWT handling mechanism, which allows a non-administrator attacker to manipulate tokens and swap usernames with an administrator, thereby gaining full...

8.1CVSS6.9AI score0.14786EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.5 views

Perplexity AI Web Application 安全漏洞

Perplexity AI Web Application is a big data search engine application utilizing a big language model from Perplexity, Inc. in the United States. A security vulnerability exists in Perplexity AI Web Application GPT-4 version 2.51.0, which stems from mishandling of the token component and could lea...

7.5CVSS6.5AI score0.00419EPSS
Exploits0References2
Rows per page
Query Builder