4 matches found
CVE-2026-46684 DataEase: Unauthorized Command Execution Vulnerability
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilterdoFilter pass X-DE-TOKEN values to TokenUtils.validate, which checks only token presence and length before userBOByTokentoken uses JWT.decode without signature...
Insertion Of Sensitive Information Into Sent Data
Axios is vulnerable to Insertion of Sensitive Information Into Sent Data. The vulnerability is due to improper use of truthy/falsy evaluation for the withXSRFToken configuration instead of strict boolean checks, which allows an attacker to force XSRF tokens to be sent to malicious cross-origin...
Incorrect Authorization
org.apache.streampipes:streampipes-parent is vulnerable to Incorrect Authorization. The vulnerability is due to a flaw in the user ID creation and JWT handling mechanism, which allows a non-administrator attacker to manipulate tokens and swap usernames with an administrator, thereby gaining full...
Perplexity AI Web Application 安全漏洞
Perplexity AI Web Application is a big data search engine application utilizing a big language model from Perplexity, Inc. in the United States. A security vulnerability exists in Perplexity AI Web Application GPT-4 version 2.51.0, which stems from mishandling of the token component and could lea...