
15 matches found

GithubExploit
added 2026/05/25 3:6 p.m., 92 views

human-connection-ctf

Human Connection Challenge: CTF Writeup Platform: Immersi...

AI score 6
Exploits 0
EUVD
added 2026/03/23 6:17 p.m., 4 views

EUVD-2026-14479

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...

CVSS 7.5, AI score 5.7, EPSS 0.00234
Exploits 1, References 2
ATTACKERKB
added 2026/03/05 9:59 p.m., 4 views

CVE-2026-28475

OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVSS 6.3, AI score 5.9, EPSS 0.00284
Exploits 0, References 4
CVE
added 2026/03/05 9:59 p.m., 21 views

CVE-2026-28475

OpenClaw is affected in versions before 2026.2.13 where hook token validation uses non-constant-time string comparison, enabling remote attackers to infer tokens via timing side-channels across multiple requests. This can gradually compromise authentication tokens, impacting confidentiality and i...

CVSS 6.3, AI score 5.9, EPSS 0.00284
Exploits 0, References 3, Affected Software 1
RedhatCVE
added 2025/12/16 7:48 p.m., 4 views

CVE-2025-14148

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token...

CVSS 6.5, AI score 6.5, EPSS 0.00253
Exploits 0, References 1
OSV
added 2025/12/15 8:15 p.m., 4 views

CVE-2025-14148

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token...

CVSS 6.5, AI score 5.8, EPSS 0.00253
Exploits 0, References 1
Cvelist
added 2025/12/15 7:43 p.m., 18 views

CVE-2025-14148 IBM DevOps Deploy is susceptible to an Insufficiently Protected Credentials vulnerability

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token...

CVSS 6.5, EPSS 0.00253
Exploits 0, References 1
Positive Technologies
added 2025/12/15 12:0 a.m., 5 views

PT-2025-51280

Name of the Vulnerable Software and Affected Versions: IBM DevOps Deploy versions 8.1 through 8.1.2.3. Description: An authenticated user with LLM integration configuration privileges may be able to recover a previously saved LLM API Token. Recommendations: Update to a version later than 8.1.2.3...

CVSS 6.5, AI score 6.4, EPSS 0.00253
Exploits 0, References 3
CNNVD
added 2025/12/15 12:0 a.m., 4 views

IBM DevOps Deploy Security Vulnerability

IBM DevOps Deploy is an application release solution from International Business Machines (IBM), Inc. It standardizes and simplifies the process of deploying software components to each environment during the development cycle. A security vulnerability exists in IBM DevOps Deploy versions 8.1 through...

CVSS 6.5, AI score 6.3, EPSS 0.00253
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 13 views

EUVD-2019-5823

Malware in sbrugna...

CVSS 8.8, AI score 7.6, EPSS 0.02234
Exploits 1, References 3
Tenable Nessus
added 2025/09/03 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-14666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery ...

CVSS 8.8, AI score 7.4, EPSS 0.02234
Exploits 1, References 2
Code423n4
added 2024/01/08 12:0 a.m., 12 views

In FxERC20RootTunnel, there is no option to get bridged tokens back in case the transaction can not be executed on L2

Lines of code. Vulnerability details. Impact: If the transaction on L2 fails to be executed, the tokens deposited on L1 will be lost since there is no way to recover them. Proof of Concept: When calling FxERC20RootTunnel::withdraw the user deposits a certain amount of tokens to the bridge that he wan...

AI score 7
Exploits 0
RedhatCVE
added 2022/05/20 10:52 p.m., 30 views

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

CVSS 8.8, AI score 2.2, EPSS 0.02234
Exploits 1, References 1
NVD
added 2019/09/25 8:15 p.m., 32 views

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

CVSS 8.8, AI score 8.8, EPSS 0.02234
Exploits 1, References 2
Prion
added 2019/09/25 8:15 p.m., 29 views

Design/Logic Flaw

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

CVSS 6.5, AI score 8.7, EPSS 0.02234
Exploits 1, References 2, Affected Software 1