Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/04/08 7:57 p.m.13 views

Laravel Passport: TokenGuard Authenticates Unrelated User for Client Credentials Tokens

Impact Authentication Bypass for clientcredentials tokens. the league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value to retrieveById without validating it's actually a user identifier, potentially resolving an...

7.1CVSS5.8AI score0.00289EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.3 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server versions 2.4.7 through 2.4.65, which can be exploited by an attacker t...

5.4CVSS7.1AI score0.00591EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.6 views

FreeBSD : PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (12e3feab-a29f-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 12e3feab-a29f-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged...

4.2CVSS6.4AI score0.00705EPSS
Exploits0References3
CNVD
CNVD
added 2020/11/25 12:0 a.m.13 views

Moodle Access Control Error Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an access control error vulnerability that stems from the fact that if the Upload Course tool is used to delete an...

5.3CVSS6.5AI score0.01368EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/11/19 5:15 p.m.29 views

CVE-2020-25701

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3....

5.3CVSS6.4AI score0.01368EPSS
Exploits0References3
Adobe
Adobe
added 2018/04/10 12:0 a.m.28 views

APSB18-15 Security update available for the Adobe PhoneGap Push plugin

Adobe has released an update for the Adobe PhoneGap Push plugin. This update resolves a Same-Origin Method Execution SOME vulnerability CVE-2018-4943 that exists in PhoneGap apps built with the affected version of the Push plugin. This vulnerability could be exploited to trick users of PhoneGap...

8.8CVSS3.8AI score0.0687EPSS
Exploits0Affected Software1
Rows per page
Query Builder