
5 matches found

Github Security Blog
added 2026/06/18 5:22 p.m., 11 views

netlicensing-mcp: REST Path Traversal Bypasses Token Redaction

REST Path Traversal Bypasses Token Redaction in netlicensing-mcp. Summary: The netlicensinggetproduct MCP tool in netlicensing-mcp interpolates a caller-controlled productnumber argument directly into a REST URL path without any validation. Passing ../token as the product number causes httpx to...

5.5 AI score
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2026/04/14 11:14 p.m., 11 views

Oxia exposes bearer token in debug log messages on authentication failure

Summary: When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact: An attacker with access to application logs, e.g., via a...

8.7 CVSS, 5.9 AI score, 0.00308 EPSS
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-0951

Malicious code in bioql PyPI...

5.5 CVSS, 5.5 AI score, 0.00312 EPSS
Exploits: 1, References: 5
CVE
added 2025/07/14 11:35 p.m., 74 views

CVE-2025-53886

Directus vulnerability CVE-2025-53886 affects Directus with Flows using the WebHook trigger prior to version 11.9.0. The issue logs all incoming request details, including sensitive data such as access and refresh tokens stored in cookies, enabling a user with log access (malicious admins) to hij...

4.5 CVSS, 7 AI score, 0.00387 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2025/07/14 11:35 p.m., 12 views

CVE-2025-53886 Directus doesn't redact tokens in Flow logs

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...

4.5 CVSS, 0.00387 EPSS
Exploits: 0, References: 4