Lucene search
K

188 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/27 3:23 p.m.4 views

CVE-2020-36948

VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative...

9.8CVSS5.9AI score0.00561EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/01/27 3:23 p.m.13 views

CVE-2020-36948

CVE-2020-36948 concerns VestaCP 0.9.8-26, where the LoginAs module contains a session token vulnerability due to insufficient token validation . This allows remote attackers to manipulate authentication tokens, enabling access to user accounts and performing unauthorized login requests without pr...

9.8CVSS5.9AI score0.00561EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.12 views

NervesHub security feature vulnerability

NervesHub is a software developed under open source by NervesHub for managing firmware updates of Nerves devices. Versions of NervesHub from 1.0.0 to 2.3.0 had security vulnerabilities. These vulnerabilities stemmed from the predictable and non-encrypted token format, which could lead to...

9.8CVSS5.8AI score0.00422EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.10 views

CVE-2023-40343

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...

5.9CVSS6.9AI score0.00494EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:31 a.m.7 views

CVE-2017-18179

Progress Sitefinity 9.1 uses wrapaccesstoken as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...

8.8CVSS7.2AI score0.02808EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.6 views

Plex media server 安全漏洞

Plex media server is a media player from Plex. A security vulnerability exists in Plex media server version 1.42.2.10156 and earlier, which stems from the ability to access /myplex/account using a device token that is not properly aligned with whether or not the device currently has an account...

7.1CVSS6.6AI score0.00255EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/29 2:3 p.m.4 views

CVE-2025-15117

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...

3.1CVSS4.2AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/20 12:0 a.m.8 views

WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

5.3CVSS6AI score0.0049EPSS
Exploits0References8
OSV
OSV
added 2025/12/05 4:49 p.m.6 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS6.6AI score0.0012EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-4050

Malware in sbrugna...

7.5CVSS7.6AI score0.0089EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-4160

Malware in sbrugna...

8.8CVSS8.6AI score0.00839EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-5587

Malware in sbrugna...

7.5CVSS7.6AI score0.01094EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-24190

Malware in sbrugna...

7.5CVSS7.4AI score0.00833EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-5591

Malware in sbrugna...

7.5CVSS7.6AI score0.01094EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-5522

Malware in sbrugna...

7.5CVSS7.6AI score0.0131EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-23493

Malware in sbrugna...

7.5CVSS7.5AI score0.01941EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-5477

Malware in sbrugna...

7.5CVSS7.6AI score0.01076EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-5116

Malware in sbrugna...

7.5CVSS7.6AI score0.01094EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-6011

Malware in sbrugna...

7.5CVSS7.6AI score0.00926EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-10381

Malware in sbrugna...

7.5CVSS7.6AI score0.01464EPSS
Exploits1References4
Rows per page
Query Builder