34 matches found
CVE-2026-58656
Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: , allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token...
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...
PT-2026-46994
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description The password-reset page renders the URL token directly into a JavaScript string literal within a server-rendered EJS template. Because EJS HTML-entity-encodes only a fixed set of characters and...
CVE-2026-44883
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...
EUVD-2026-33059
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...
LiteLLM SQL注入漏洞
LiteLLM is an open-source application developed by Berri AI. It allows for the use of OpenAI format calls for all LLM APIs. In versions 1.81.16 to 1.83.7 of LiteLLM, there was a SQL injection vulnerability. This vulnerability stemmed from the use of database queries during the check of the proxy...
GHSA-PGF8-2HGJ-GRQG Vercel: Non-interactive mode includes CLI arguments in suggested command output
Summary When the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included...
Vercel: Non-interactive mode includes CLI arguments in suggested command output
Summary When the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included...
BIT-AUTHENTIK-2025-52553 authentik has Insufficient Session verification for Remote Access Control endpoint access
authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, howev...
GHSA-453R-G2PG-CXXQ Local Incus UI web server vulnerable to nuthentication bypass
Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...
Linux Distros Unpatched Vulnerability : CVE-2026-33898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication...
CVE-2026-33620 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...
CVE-2026-33620
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...
PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
Summary PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through request URIs recorded by intermediaries or client-side tooling, such as reverse proxy...
CVE-2026-30941 Parse Server has a NoSQL injection via token type in password reset and email verification endpoints
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email...
CVE-2026-22644
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...
EUVD-2026-2798
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...
CVE-2026-22644
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...
CVE-2026-22644
Technical details (affected products, components, versions, root cause, exploit status) are not publicly provided in the connected documents. Monitor updates from Red Hat, CIRCL, NVD and others for confirmed remediation and impact.
CVE-2026-22644
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...