Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-1427

Malware in sbrugna...

9.1CVSS9AI score0.01051EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-18401

Malware in sbrugna...

8.8CVSS8.8AI score0.00515EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-2132

Malware in sbrugna...

3.5CVSS4.5AI score0.00458EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2022-4127

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01502EPSS
Exploits0References9
NVD
NVD
added 2025/07/24 9:15 p.m.3 views

CVE-2025-31952

HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access...

7.1CVSS0.00318EPSS
Exploits0References1
CVE
CVE
added 2025/07/02 1:28 p.m.65 views

CVE-2025-53106

Graylog grant path vulnerability affects versions 6.2.0–6.2.4 and 6.3.0-alpha.1–6.3.0-rc.2. A weak permission check in the REST API token creation process lets a user with an account issue crafted requests to create API tokens for high-privilege users (including local Administrator), enabling pri...

8.8CVSS6.5AI score0.005EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 3:49 p.m.5 views

CVE-2020-36255

An issue was discovered in IdentityModel aka ScottBrady.IdentityModel before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens...

7.5CVSS7AI score0.01532EPSS
Exploits0
CVE
CVE
added 2025/04/11 10:52 a.m.70 views

CVE-2025-23387

CVE-2025-23387 concerns Rancher (SUSE Rancher) CLI authentication token exposure. Unauthenticated users could list and delete all CLI tokens before the token value is retrieved, enabling potential information disclosure and token invalidation. Affected Rancher versions: 2.8.0–2.8.13, 2.9.0–2.9.7,...

5.3CVSS5.4AI score0.00508EPSS
Exploits0References2
OSV
OSV
added 2024/11/22 2:22 p.m.6 views

OESA-2024-2443 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: VUL-0: CVE-2022-3102: python-jwcrypto: jwcrypto token substitution can lead to authentication bypassCVE-2022-3102 JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6...

6.8CVSS6.9AI score0.0098EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/11/02 12:0 a.m.3 views

PT-2024-9892

Name of the Vulnerable Software and Affected Versions: Ceph RadosGW affected versions not specified Description: The issue is related to insufficient authentication of data when handling JWT tokens, which can be exploited by a remote attacker to bypass the authentication procedure. This can lead ...

8.5CVSS7.1AI score0.00192EPSS
Exploits0References38
NVD
NVD
added 2021/03/05 3:15 a.m.21 views

CVE-2020-36255

An issue was discovered in IdentityModel aka ScottBrady.IdentityModel before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens...

7.5CVSS0.01532EPSS
Exploits0References3
Veracode
Veracode
added 2017/03/31 3:17 a.m.8 views

Leakage Of Session Tokens

fh-wfm-user is vulnerable to leakage of session tokens. The vulnerability exists as the session tokens are stored in the client's LocalStorage instead of being stored in a cookie with the secure and HttpOnly flags...

6.4AI score
Exploits0
Rows per page
Query Builder