Lucene search
K

88 matches found

CVE
CVE
added 2025/07/09 3:39 p.m.24 views

CVE-2025-53677

CVE-2025-53677 affects Jenkins Xooa Plugin versions 0.0.7 and earlier. The token is not masked on the global configuration form, enabling potential observation/capture of the Xooa Deployment Token by users with access to the Jenkins controller/file system. Remediation: update to a newer plugin ve...

5.3CVSS6.5AI score0.00252EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/04 8:36 a.m.9 views

CVE-2024-9453 Jenkins-image: sensitive data disclosure when using openshift jenkins image

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if th...

6.5CVSS0.00344EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.7 views

PT-2025-27232

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.4.3 authentik versions prior to 2025.6.3 Description: The issue arises from the way authentik handles tokens after authorizing access to a RAC endpoint. A token is created for a single connection and sent to t...

9.6CVSS5.7AI score0.00405EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2025/06/05 4:40 p.m.3 views

CVE-2025-49009 Para Inserts Sensitive Information into Log File for Facebook authentication

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...

6.2CVSS7.1AI score0.00145EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:8 a.m.9 views

CVE-2022-2303

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Passwo...

4.3CVSS6.5AI score0.00624EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.7 views

CVE-2022-28892

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery CSRF because randomly generated tokens are too easily guessable...

8.8CVSS7AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:28 p.m.5 views

CVE-2021-3422

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 version...

7.5CVSS6.9AI score0.00577EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:6 p.m.5 views

CVE-2021-37693

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...

7.5CVSS6.7AI score0.00833EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.13 views

CVE-2020-26172

Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp...

6.5CVSS6.8AI score0.00652EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:20 a.m.17 views

CVE-2019-17375

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated SEC-517...

8.8CVSS7AI score0.01078EPSS
Exploits0References1
NVD
NVD
added 2025/05/01 6:15 p.m.12 views

CVE-2025-32889

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app...

8.8CVSS0.0016EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/19 3:41 p.m.11 views

CVE-2025-30144 Fast-JWT Improperly Validates iss Claims

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...

6.5CVSS6.2AI score0.00519EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-26032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33...

8.9CVSS7.6AI score0.0062EPSS
Exploits0References3
CVE
CVE
added 2025/02/27 1:53 p.m.113 views

CVE-2025-27154

CVE-2025-27154 affects Spotipy’s CacheHandler file permissions. Before version 2.25.1, the cache file is created with 644 permissions by default, exposing the Spotify auth token to other users or processes on the same machine. Version 2.25.1 tightens permissions to 600, reducing token exposure. T...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/13 4:4 p.m.13 views

CVE-2025-24896

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary...

8.1CVSS6.7AI score0.00553EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/27 1:12 a.m.28 views

CVE-2024-28770 IBM Security Directory Integrator information disclosure

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user...

4.8CVSS0.00175EPSS
Exploits0References1
Snyk
Snyk
added 2024/12/01 6:31 a.m.3 views

Race Condition

Overview fastapi-sso is a FastAPI plugin to enable SSO to most common providers such as Facebook login, Google login and login via Microsoft Office 365 Account Affected versions of this package are vulnerable to Race Condition. When multiple concurrent login requests are processed simultaneously,...

8.2CVSS6.7AI score
Exploits0References3
OSV
OSV
added 2024/11/27 10:15 p.m.7 views

AZL-53759 CVE-2024-53858 affecting package gh for versions less than 2.13.0-24

The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...

6.5CVSS7.2AI score0.00279EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/07/31 9:15 p.m.22 views

biscuit-auth vulnerable to public key confusion in third party block

Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it: - the public key of the previous block used in the signature - t...

6.4CVSS3.6AI score0.00237EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.5 views

PT-2024-25629 · Unknown +2 · Admin Preset Tool +2

Name of the Vulnerable Software and Affected Versions: Admin preset tool affected versions not specified Description: The issue is related to a CSRF risk due to the absence of a necessary token in actions within the admin preset tool. Recommendations: At the moment, there is no information about ...

9.8CVSS5.5AI score0.00944EPSS
Exploits1References46
Rows per page
Query Builder