
20 matches found

Positive Technologies
added 2026/05/20 12:00 a.m. · 5 views

PT-2026-42177

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handle_params/3 in lib/phoenix_storybook/live/story/component_iframe_live.ex...

CVSS 2.3 · AI score 5.8 · EPSS 0.00054
Exploits 0 · References 5
OSV
added 2026/05/14 4:33 p.m. · 0 views

GHSA-JVP4-Q659-95MJ Portainer: JWT accepted in URL query leaks tokens to logs and referers

Summary: Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token= URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers ...

CVSS 7.7 · AI score 5.8 · EPSS 0.00047
Exploits 1 · References 5
Vulnrichment
added 2026/04/06 4:01 p.m. · 3 views

CVE-2026-34969 Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback

Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer headers,...

CVSS 2.3 · AI score 5.9 · EPSS 0.00063
Exploits 1 · References 1
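The Nhost entry above describes a token that is issued into a URL rather than read from one. The following Go program, an added illustration and not Nhost's code, drives two versions of an OAuth callback handler through net/http/httptest and shows what an observer of the redirect sees: the first appends the refresh token to the Location URL, the second moves it into an HttpOnly, Secure cookie and leaves the URL clean. The client callback URL, the cookie name and its path are assumptions made for the example; the cookie approach is one mitigation chosen here, not a statement of how Nhost fixed the issue.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Hypothetical URL of the client application the auth service redirects to
// once the OAuth provider has called back. Constructed for this illustration.
const appCallback = "https://app.example.test/auth/callback"

// RedirectTokenInQuery appends the refresh token to the redirect URL, the
// pattern the advisory describes: the token lands in browser history, the
// app's access log and any Referer the landing page sends out.
func RedirectTokenInQuery(w http.ResponseWriter, r *http.Request, refreshToken string) {
	u, err := url.Parse(appCallback)
	if err != nil {
		panic(err) // constant URL, cannot fail
	}
	q := u.Query()
	q.Set("refreshToken", refreshToken)
	u.RawQuery = q.Encode()
	http.Redirect(w, r, u.String(), http.StatusFound)
}

// RedirectTokenInCookie keeps the token out of the URL: it travels in an
// HttpOnly, Secure cookie scoped to the refresh endpoint (path "/token" is
// this illustration's choice), and the Location header carries nothing secret.
func RedirectTokenInCookie(w http.ResponseWriter, r *http.Request, refreshToken string) {
	http.SetCookie(w, &http.Cookie{
		Name:     "refreshToken",
		Value:    refreshToken,
		Path:     "/token",
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	})
	http.Redirect(w, r, appCallback, http.StatusFound)
}

// Outcome is what an observer of the redirect response can learn.
type Outcome struct {
	Location    string
	TokenInURL  bool
	CookieNames []string
}

// Run drives one handler with a fake provider callback and inspects the result.
func Run(handler func(http.ResponseWriter, *http.Request, string), token string) Outcome {
	req := httptest.NewRequest(http.MethodGet, "/signin/provider/callback?code=constructed", nil)
	rec := httptest.NewRecorder()
	handler(rec, req, token)
	loc := rec.Header().Get("Location")
	out := Outcome{Location: loc, TokenInURL: strings.Contains(loc, token)}
	for _, c := range rec.Result().Cookies() {
		out.CookieNames = append(out.CookieNames, c.Name)
	}
	return out
}

func main() {
	const tok = "constructed-refresh-token" // constructed value, not a real token
	handlers := map[string]func(http.ResponseWriter, *http.Request, string){
		"token in query":  RedirectTokenInQuery,
		"token in cookie": RedirectTokenInCookie,
	}
	for name, h := range handlers {
		o := Run(h, tok)
		fmt.Printf("%-16s Location=%s tokenInURL=%v cookies=%v\n", name, o.Location, o.TokenInURL, o.CookieNames)
	}
}
```

The cookie variant only helps if the refresh endpoint lives on the same origin as the auth service that set the cookie; a cross-origin client app would instead need a short-lived, single-use exchange code in the URL that it trades for the token over a POST.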
NVD
added 2026/01/15 2:16 p.m. · 2 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

CVSS 7.5 · EPSS 0.00032
Exploits 0 · References 6
CNNVD
added 2025/12/12 12:00 a.m. · 2 views

Masa CMS cross-site scripting vulnerability

Masa CMS is a digital experience platform. A cross-site scripting vulnerability exists in Masa CMS versions 7.2.8 and earlier, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8, and 7.5.0 through 7.5.1, which stems from an ajax URL query parameter that is not sanitized and is included directly in t...

CVSS 8.2 · AI score 5.7 · EPSS 0.00051
Exploits 0 · References 2
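Reflected XSS through an unescaped query parameter, as an added illustration in Go (html/template), not Masa CMS's own ColdFusion code: one handler splices the ajax parameter straight into markup, the other lets the template engine apply context-aware escaping. The attribute name and page shape are assumptions; the helper drives both handlers in memory with net/http/httptest.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// renderUnescaped splices the ajax query parameter into the markup as-is,
// the shape the advisory describes. Illustration only; not Masa's code.
func renderUnescaped(w http.ResponseWriter, r *http.Request) {
	ajax := r.URL.Query().Get("ajax")
	fmt.Fprintf(w, `<div data-ajax="%s">...</div>`, ajax)
}

// page is the same markup as a template: html/template knows that {{.}}
// sits inside a double-quoted attribute and escapes accordingly.
var page = template.Must(template.New("p").Parse(`<div data-ajax="{{.}}">...</div>`))

// renderEscaped lets the template engine escape the value, so it cannot
// close the attribute or open a script tag.
func renderEscaped(w http.ResponseWriter, r *http.Request) {
	if err := page.Execute(w, r.URL.Query().Get("ajax")); err != nil {
		http.Error(w, "render failed", http.StatusInternalServerError)
	}
}

// Body serves a request with the given ajax value and returns the response body.
func Body(h http.HandlerFunc, ajax string) string {
	req := httptest.NewRequest(http.MethodGet, "/?ajax="+url.QueryEscape(ajax), nil)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Body.String()
}

func main() {
	payload := `"><script>alert(1)</script>` // constructed probe string
	fmt.Println("unescaped:", Body(renderUnescaped, payload))
	fmt.Println("escaped:  ", Body(renderEscaped, payload))
}
```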
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-2611

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00582
Exploits 1 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2022-1591

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 7 · EPSS 0.00099
Exploits 0 · References 12
Positive Technologies
added 2025/02/12 12:00 a.m. · 3 views

PT-2025-7059 · Unknown · Audiobookshelf

Name of the Vulnerable Software and Affected Versions: Audiobookshelf versions 2.17.0 through 2.19.0 Description: Audiobookshelf is a self-hosted audiobook and podcast server. A flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in t...

CVSS 8.2 · AI score 7.2 · EPSS 0.00625
Exploits 1 · References 9
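The Audiobookshelf entry above turns on one detail: unanchored regex patterns in an authentication allowlist. The Go program below, an added illustration rather than Audiobookshelf's route table, keeps two hypothetical allowlists side by side, one written without ^ and $ and one anchored, and checks crafted request targets against both. The route patterns and the crafted targets are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Hypothetical allowlist of routes that may be served without a session,
// written the way such lists often are: bare regexes with no ^ or $.
// Constructed for this illustration; not Audiobookshelf's route table.
var publicUnanchored = []*regexp.Regexp{
	regexp.MustCompile(`/api/items/[^/]+/cover`),
	regexp.MustCompile(`/public/`),
}

// The same allowlist anchored at both ends, so a pattern only matches when
// it describes the entire request target.
var publicAnchored = []*regexp.Regexp{
	regexp.MustCompile(`^/api/items/[^/]+/cover$`),
	regexp.MustCompile(`^/public/[^/]+$`),
}

// IsPublic reports whether target is exempt from authentication under the
// given allowlist. target is the full request target (path plus query), the
// worst case for an unanchored pattern since the attacker controls the tail.
func IsPublic(patterns []*regexp.Regexp, target string) bool {
	for _, re := range patterns {
		if re.MatchString(target) {
			return true
		}
	}
	return false
}

func main() {
	targets := []string{
		"/api/items/li_abc/cover",               // genuinely public
		"/api/users",                            // must require a session
		"/api/users?next=/api/items/1/cover",    // crafted: pattern appears in the query
		"/api/items/1/cover/../../../api/users", // crafted: pattern appears as a prefix
	}
	for _, t := range targets {
		fmt.Printf("%-40s unanchored=%-5v anchored=%v\n", t,
			IsPublic(publicUnanchored, t), IsPublic(publicAnchored, t))
	}
}
```

Whether the query string or a `..` segment reaches the matcher depends on the framework (Express's `req.path` excludes the query, `req.originalUrl` does not), which is why the check should run on the normalised path and the patterns should be anchored regardless.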
OSV
added 2023/09/20 10:51 p.m. · 275 views

GHSA-X4HH-VJM7-G2JV Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input

Summary: The Faktory web dashboard can suffer from denial of service via a crafted, malicious URL query parameter days. Details: The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string...

CVSS 7.5 · AI score 7.4 · EPSS 0.00582
Exploits 1 · References 3
Prion
added 2023/09/20 10:15 p.m. · 9 views

SQL injection

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service via a crafted, malicious URL query parameter days. The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web...

CVSS 5 · AI score 7.3 · EPSS 0.00582
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/09/20 9:27 p.m. · 14 views

CVE-2023-37279 Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service via a crafted, malicious URL query parameter days. The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web...

CVSS 7.5 · AI score 7.5 · EPSS 0.00582
Exploits 1 · References 1
UbuntuCve
added 2023/04/26 2:15 p.m. · 57 views

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...

CVSS 7.5 · AI score 7.1 · EPSS 0.00291
Exploits 1 · References 3
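Three entries on this page share one mechanism: a server that reads a bearer token from the query string (Portainer's ?token=, the unnamed product in CVE-2026-22644, and Grafana's opt-in authtoken). The Go program below is an added illustration, not code from any of those projects: a small middleware that accepts the Authorization header and, only when a flag is set, falls back to ?token=, together with the access-log line a reverse proxy would write for the request. The parameter name token, the flag name and the endpoint path are assumptions; requests are driven in memory with net/http/httptest.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// BearerToken reads a bearer token from the Authorization header. With
// allowQuery set it also falls back to ?token=, the behaviour the Portainer
// entry describes and the shape of Grafana's opt-in urllogin. Names are
// this illustration's own, not either project's code.
func BearerToken(r *http.Request, allowQuery bool) (string, bool) {
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		if tok := strings.TrimSpace(strings.TrimPrefix(h, "Bearer ")); tok != "" {
			return tok, true
		}
	}
	if allowQuery {
		if tok := r.URL.Query().Get("token"); tok != "" {
			return tok, true
		}
	}
	return "", false
}

// AccessLogLine is the line a reverse proxy writes for the request: the
// request target including its query string, so a query-string token is
// stored verbatim on disk. The Authorization header is not part of it.
func AccessLogLine(r *http.Request) string {
	return fmt.Sprintf("%s %s %s", r.RemoteAddr, r.Method, r.URL.RequestURI())
}

// Authenticated wraps a handler that answers 200 only when a token is present.
func Authenticated(allowQuery bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := BearerToken(r, allowQuery); !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
}

// StatusFor sends an in-memory request to h and returns the status code;
// authorization, when non-empty, is sent as the Authorization header.
func StatusFor(h http.Handler, target, authorization string) int {
	req := httptest.NewRequest(http.MethodGet, target, nil)
	if authorization != "" {
		req.Header.Set("Authorization", authorization)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	const tok = "constructed.sample.token" // constructed value, not a real JWT
	viaQuery := "/api/endpoints?token=" + tok
	req := httptest.NewRequest(http.MethodGet, viaQuery, nil)
	fmt.Println("proxy log line:", AccessLogLine(req))
	fmt.Println("query token, fallback on: ", StatusFor(Authenticated(true), viaQuery, ""))
	fmt.Println("query token, fallback off:", StatusFor(Authenticated(false), viaQuery, ""))
	fmt.Println("header token, fallback off:", StatusFor(Authenticated(false), "/api/endpoints", "Bearer "+tok))
}
```

The log line is the practical check: if a request authenticated by a query-string token appears in an access log, the token is already persisted wherever that log is shipped, and the only safe remediation is to revoke it.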
Prion
added 2022/04/27 6:15 a.m. · 20 views

Design/Logic Flaw

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

CVSS 2.1 · AI score 7.2 · EPSS 0.00099
Exploits 0 · References 3 · Affected Software 1
CVE
added 2022/04/27 5:50 a.m. · 261 views

CVE-2022-29810

CVE-2022-29810 affects the HashiCorp go-getter library, where versions before 1.5.11 fail to redact an SSH private key in a URL query parameter. In practice, this can lead to exposure of SSH credentials in logs or error messages, potentially readable by local users with access to the logfile. Con...

CVSS 5.5 · AI score 5.2 · EPSS 0.00099
Exploits 0 · References 3 · Affected Software 1
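The two go-getter entries above are about redaction before logging rather than about the URL's consumer. The Go function below is an added illustration, not go-getter's own redaction code: it rewrites a URL so that userinfo passwords and the values of named sensitive query parameters are replaced before the string reaches a log or error message. The parameter list beyond sshkey (the parameter named in the advisory) is an assumption of the example, and the sample URLs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// sensitiveParams lists query keys whose values must never reach a log or
// error message. "sshkey" is the go-getter parameter named in the advisory;
// the others are common additions and an assumption of this illustration.
var sensitiveParams = map[string]bool{
	"sshkey":       true,
	"token":        true,
	"access_token": true,
	"password":     true,
}

// RedactURL returns a copy of raw that is safe to log: userinfo passwords and
// the values of sensitive query parameters become "redacted", while scheme,
// host, path and the remaining parameters are kept for debugging. A string
// that does not parse is not echoed back at all, so an unparsable input
// cannot carry a secret past the redactor.
func RedactURL(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "<unparsable url>"
	}
	if u.User != nil {
		if _, hasPassword := u.User.Password(); hasPassword {
			u.User = url.UserPassword(u.User.Username(), "redacted")
		}
	}
	q := u.Query()
	for key := range q {
		if sensitiveParams[strings.ToLower(key)] {
			q.Set(key, "redacted")
		}
	}
	u.RawQuery = q.Encode()
	return u.String()
}

func main() {
	samples := []string{ // constructed; BASE64KEY and hunter2 are placeholders
		"ssh://git@example.com/org/repo.git?sshkey=BASE64KEY&ref=main",
		"https://user:hunter2@example.com/p?x=1",
		"::nope",
	}
	for _, s := range samples {
		fmt.Printf("%-62s -> %s\n", s, RedactURL(s))
	}
}
```

Note that url.Values.Encode sorts keys, so the redacted string is not byte-for-byte the original; that is acceptable for a log line but not for a value that will be used again as a URL.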
Cvelist
added 2022/02/25 8:00 p.m. · 9 views

CVE-2021-23495 Open Redirect

The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the returnurl query parameter...

CVSS 5.4 · AI score 6.5 · EPSS 0.00255
Exploits 0 · References 3
AlpineLinux
added 2021/01/13 3:55 p.m. · 37 views

CVE-2021-21607

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

CVSS 6.5 · AI score 7 · EPSS 0.00275
Exploits 0
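The three Faktory entries (an unchecked days parameter used to build a string) and the Jenkins entry above (unlimited width and height for graph rendering) are the same bug: an integer taken from the query string sizes an allocation. The Go program below is an added illustration, not code from either project: a bounded integer-parameter helper, a date-list builder whose cost is proportional to days (a hypothetical shape for the Faktory case), a pixel budget for the Jenkins case, and a request validator that rejects out-of-range values with an error instead of silently clamping. Parameter names, defaults and limits are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"time"
)

var errOutOfRange = errors.New("query parameter out of range")

// IntParam parses q[name] as an integer in [lo, hi], returning def when the
// parameter is absent. Unparsable or out-of-range input is an error rather
// than a clamped value, so the caller can answer 400 and log the attempt.
func IntParam(q url.Values, name string, def, lo, hi int) (int, error) {
	raw := q.Get(name)
	if raw == "" {
		return def, nil
	}
	n, err := strconv.Atoi(raw)
	if err != nil {
		return 0, fmt.Errorf("%s: %w", name, err)
	}
	if n < lo || n > hi {
		return 0, fmt.Errorf("%s=%d: %w", name, n, errOutOfRange)
	}
	return n, nil
}

// HistoryDates builds the date labels a dashboard would chart for the last
// `days` days. Fed an unchecked integer it is a memory-exhaustion primitive:
// days=1000000000 means a billion strings. Hypothetical shape of the Faktory
// bug; the real code is not reproduced here.
func HistoryDates(days int, now time.Time) []string {
	out := make([]string, 0, days)
	for i := days - 1; i >= 0; i-- {
		out = append(out, now.AddDate(0, 0, -i).Format("2006-01-02"))
	}
	return out
}

// GraphPixels is the analogous budget for a graph-rendering URL: the size of
// the image buffer a renderer would allocate for the requested dimensions.
func GraphPixels(width, height int) int { return width * height }

// RenderRequest validates the query of a hypothetical
// /history?days=..&width=..&height=.. endpoint before any allocation happens.
func RenderRequest(rawQuery string, now time.Time) ([]string, int, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return nil, 0, err
	}
	days, err := IntParam(q, "days", 30, 1, 180)
	if err != nil {
		return nil, 0, err
	}
	width, err := IntParam(q, "width", 500, 1, 2000)
	if err != nil {
		return nil, 0, err
	}
	height, err := IntParam(q, "height", 300, 1, 2000)
	if err != nil {
		return nil, 0, err
	}
	return HistoryDates(days, now), GraphPixels(width, height), nil
}

func main() {
	now := time.Now()
	for _, q := range []string{
		"days=7&width=640&height=480",
		"days=1000000000",
		"width=999999999&height=999999999",
		"days=-1",
		"days=abc",
	} {
		dates, px, err := RenderRequest(q, now)
		if err != nil {
			fmt.Printf("%-36s rejected: %v\n", q, err)
			continue
		}
		fmt.Printf("%-36s %d dates, %d pixels\n", q, len(dates), px)
	}
}
```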
RedHat Linux
added 2019/11/06 9:47 a.m. · 3 views

python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 6.7 · EPSS 0.0991
Exploits 1 · References 4
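The urllib entry above is easier to reason about at the wire level. The Go program below is an added illustration, not urllib's or net/http's code: a naive client that splices the caller's path and query straight into an HTTP/1.1 request line, a splitter that shows the header lines a server would parse from those bytes, and the strict alternative that goes through net/url first, which refuses any URL containing a control byte. The host, port and injected header name are constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// NaiveHead builds the request head the way a client that trusts its
// caller's URL would: crude string splitting, no validation. Illustration
// of the failure mode only; not urllib's implementation.
func NaiveHead(raw string) string {
	rest := strings.TrimPrefix(raw, "http://")
	host, pathAndQuery, _ := strings.Cut(rest, "/")
	return "GET /" + pathAndQuery + " HTTP/1.1\r\nHost: " + host + "\r\n\r\n"
}

// HeaderLines splits a request head into the lines a server sees on the wire.
func HeaderLines(head string) []string {
	head = strings.TrimSuffix(head, "\r\n\r\n")
	return strings.Split(head, "\r\n")
}

// RequestHeadFor builds the head only after net/url has accepted the URL.
// url.Parse returns an error for any control byte (CR, LF, ...), so a CRLF
// hidden in the query never reaches the request line.
func RequestHeadFor(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	return "GET " + u.RequestURI() + " HTTP/1.1\r\nHost: " + u.Host + "\r\n\r\n", nil
}

func main() {
	// Constructed attacker-controlled URL: a CRLF inside the query string.
	raw := "http://127.0.0.1:8000/?q=1\r\nX-Injected: 1"
	for i, line := range HeaderLines(NaiveHead(raw)) {
		fmt.Printf("naive line %d: %q\n", i, line)
	}
	if _, err := RequestHeadFor(raw); err != nil {
		fmt.Println("strict parse rejected it:", err)
	}
}
```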
Github Security Blog
added 2019/06/10 6:43 p.m. · 36 views

Django Cross-site Scripting in AdminURLFieldWidget

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

CVSS 6.1 · AI score 6.5 · EPSS 0.02803
Exploits 0 · References 22 · Affected Software 1
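The karma entry (an unvalidated returnurl used as a redirect target) and the Django entry above (a stored value rendered as a clickable href without checking it is a safe URL) both come down to validating a user-supplied URL for a specific use. The Go functions below are an added illustration, not karma's or Django's code: SafeReturnPath accepts only same-origin relative paths for a post-login redirect, rejecting absolute URLs, scheme-relative //host forms and the backslash variants browsers normalise to //; SafeHref allows only http and https with a host, so javascript: and data: values are never rendered as links. The probe strings are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

var (
	errNotLocal  = errors.New("redirect target is not a local path")
	errBadScheme = errors.New("URL scheme not allowed")
)

// SafeReturnPath accepts only same-origin relative paths for a post-login
// redirect such as karma's returnurl. Anything with a scheme, host or
// userinfo, a "//" or "/\" prefix (which browsers treat as scheme-relative),
// or that net/url cannot parse is rejected.
func SafeReturnPath(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Scheme != "" || u.Host != "" || u.User != nil {
		return "", errNotLocal
	}
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") || strings.HasPrefix(u.Path, "/\\") {
		return "", errNotLocal
	}
	return u.RequestURI(), nil
}

// SafeHref returns raw normalised only if it is an http(s) URL with a host,
// so a stored value such as "javascript:alert(1)" is never emitted as a
// clickable link. net/url lower-cases the scheme and refuses control bytes,
// which covers the usual case-mixing and tab/newline tricks.
func SafeHref(raw string) (string, error) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return "", err
	}
	switch u.Scheme {
	case "http", "https":
		if u.Host == "" {
			return "", errBadScheme
		}
		return u.String(), nil
	default:
		return "", errBadScheme
	}
}

func main() {
	for _, p := range []string{"/dashboard?tab=1", "https://evil.test/", "//evil.test/x", "/\\evil.test", "///evil.test"} {
		got, err := SafeReturnPath(p)
		fmt.Printf("returnurl %-20q -> %q %v\n", p, got, err)
	}
	for _, h := range []string{"https://example.test/docs", "javascript:alert(1)", " JavaScript:alert(1)", "data:text/html,x"} {
		got, err := SafeHref(h)
		fmt.Printf("href      %-28q -> %q %v\n", h, got, err)
	}
}
```

SafeHref deliberately rejects relative paths too; a widget that must also link to local paths would route those through SafeReturnPath rather than widening the scheme check.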
Hacker One
added 2017/01/04 1:53 a.m. · 12 views

U.S. Dept Of Defense: Video player on ███ allows arbitrary remote videos to be played

Summary: A Flash video player hosted on ███████ can be provided with an arbitrary remote XML file via the url query string parameter. Description: The Flash video player http://█████/shared/widgets/popup.asp uses the url query string parameter as an address to fetch an RSS feed type XML document...

AI score 7.4
Exploits 0
xssed
added 2008/03/03 12:00 a.m. · 9 views

Unfixed XSS vulnerability at super.balsas.lt

Security researcher F3nix submitted on 03/03/2008 a cross-site scripting (XSS) vulnerability affecting super.balsas.lt, which at the time of submission ranked 19403 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2008. It is currently...

AI score 6.6
Exploits 0 · References 1