14 matches found
CVE-2018-19525
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1TRUNK-20180914.bin devices. There is CSRF via /ui/?g=objkeywordsadd and /ui/?g=objkeywordsaddsave with resultant XSS because of a lack of CSRF token validation...
EUVD-2021-1325
Malware in sbrugna...
EUVD-2017-0349
Malware in sbrugna...
EUVD-2022-7521
Malicious code in bioql PyPI...
PT-2025-25386 · Salt +1
Name of the Vulnerable Software and Affected Versions: Salt (affected versions not specified). Description: The issue allows a misbehaving minion to impersonate another minion due to the salt master skipping minion token validation in multiple methods. Recommendations: At the moment, there is no...
CVE-2020-5268
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is...
CVE-2024-12860
CVE-2024-12860 refers to the CarSpot – Dealership WordPress Classified Theme. The vulnerability allows unauthenticated privilege escalation via account takeover because the plugin does not properly validate a token before updating a user’s password. The issue affects CarSpot up to and including v...
CVE-2024-1740
In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token. The lunary web application communicates with the server using an 'Authorization' token in the browser, which...
CVE-2024-9931
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the fir...
CVE-2024-9861
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated...
JetBrains Gateway authorization vulnerability
JetBrains Gateway is a compact desktop application from the Czech company JetBrains. It allows you to work remotely using a JetBrains IDE, even without downloading it. A security vulnerability exists in JetBrains Gateway versions prior to 2022.3 that stems from the fact that a client can connect witho...
SUSE-SU-2021:3151-1 Security update for cobbler
This update for cobbler fixes the following issues: Security issues fixed: - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection bsc1189458 - CVE-2021-40324: Fixed an arbitrary file write bsc1189458 - CVE-2021-40325: Fixed a problem with the token validation bsc1189458 - Please...
CVE-2018-1000226
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains an Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...
Security Update For Exchange Server 2019 CU6 (KB4581424)
A Microsoft Exchange information disclosure exists in how tokens are validated when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user...