CVE-2026-32103
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocmsapi/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account...
EUVD-2021-17094
Malware in sbrugna...
EUVD-2022-1725
Malicious code in bioql PyPI...
CISA Thorium multiple vulnerabilities
RISK EVALUATION
CISA Thorium is a framework used for malware analysis. Multiple vulnerabilities were reported in Thorium. Impacts include denial of service, authenticated arbitrary file read, and failure to expire previously issued user tokens.
2. RECOMMENDED PRACTICES
These issues were...
Linux Distros Unpatched Vulnerability : CVE-2021-30158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has...
CVE-2022-24849
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...
CVE-2021-26091
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users' authentication tokens and reset thei...
PT-2023-16244 · WordPress · Social Warfare
Name of the Vulnerable Software and Affected Versions: Social Warfare plugin for WordPress versions up to, and including, 4.4.0 Description: The issue is due to missing or incorrect nonce validation on several AJAX actions, making it possible for unauthenticated attackers to delete post meta...
Arbitrary access to reset any _tokenId
Lines of code
Vulnerability details
Impact
The poke function is currently missing a check to see if the user calling poke with a tokenId is actually its owner. Since this function will reset the token and vote, the actual owner will not be able to withdraw on this tokenId, as votedtokenId will be...
CVE-2022-24743 Insufficient Session Expiration in Sylius
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in a leak of the existing token and an unauthorized password change. The issue ...
CVE-2018-20500
An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leav...
CareMonkey SaaS BB #1 - Token Reset Vulnerability
Document Title: CareMonkey SaaS BB 1 - Token Reset Vulnerability
References Source: http://www.vulnerability-lab.com/getcontent.php?id=1873
Video: http://www.vulnerability-lab.com/getcontent.php?id=1926
Release Date: 2016-06-02
Vulnerability...