12 matches found
EUVD-2020-1427
Malware in sbrugna...
EUVD-2018-18401
Malware in sbrugna...
EUVD-2021-2132
Malware in sbrugna...
EUVD-2022-4127
Malicious code in bioql PyPI...
CVE-2025-31952
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access...
CVE-2025-53106
Graylog grant path vulnerability affects versions 6.2.0–6.2.4 and 6.3.0-alpha.1–6.3.0-rc.2. A weak permission check in the REST API token creation process lets a user with an account issue crafted requests to create API tokens for high-privilege users (including local Administrator), enabling pri...
CVE-2020-36255
An issue was discovered in IdentityModel aka ScottBrady.IdentityModel before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens...
CVE-2025-23387
CVE-2025-23387 concerns Rancher (SUSE Rancher) CLI authentication token exposure. Unauthenticated users could list and delete all CLI tokens before the token value is retrieved, enabling potential information disclosure and token invalidation. Affected Rancher versions: 2.8.0–2.8.13, 2.9.0–2.9.7,...
OESA-2024-2443 python-jwcrypto security update
Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: VUL-0: CVE-2022-3102: python-jwcrypto: jwcrypto token substitution can lead to authentication bypassCVE-2022-3102 JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6...
PT-2024-9892
Name of the Vulnerable Software and Affected Versions: Ceph RadosGW affected versions not specified Description: The issue is related to insufficient authentication of data when handling JWT tokens, which can be exploited by a remote attacker to bypass the authentication procedure. This can lead ...
CVE-2020-36255
An issue was discovered in IdentityModel aka ScottBrady.IdentityModel before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens...
Leakage Of Session Tokens
fh-wfm-user is vulnerable to leakage of session tokens. The vulnerability exists as the session tokens are stored in the client's LocalStorage instead of being stored in a cookie with the secure and HttpOnly flags...