Portainer: JWT accepted in URL query leaks tokens to logs and referers

Summary Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token= URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers ...

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the way the server’s middleware processes "Share Tokens." While these tokens are intended to grant temporary, restricted access to a single file, the BasicAuthMiddleware...

CVE-2026-33620

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

Local Incus UI web server vulnerable to nuthentication bypass

Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...

CVE-2026-2247 SQL Injection in Clickedu's SaaS platform

SQL injection vulnerability SQLi in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...

silverstripe/framework has possible denial of service attack vector when flushing

A possible denial of service attack vector has been identified in the dev/build system controller. dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments...

GHSA-CWGQ-83W5-8JFQ silverstripe/framework has possible denial of service attack vector when flushing

A possible denial of service attack vector has been identified in the dev/build system controller. dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments...

Host header injection in the password reset

Summary The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able ...

CVE-2024-23648

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to res...

SUSE CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

Unspecified vulnerability in Moodle (CNVD-2019-43886)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle versions 3.7 through 3.7.2 and 3.6 through 3.6.6, which stems from a failure of the Email med...

openSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5123)

This update of the Mozilla XULRunner engine catches up on all previous security problems found in the XULRunner engine. Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet...

SuSE 10 Security Update : epiphany (ZYPP Patch Number 5118)

This update of the Mozilla XULRunner engine catches up on all previous security problems found in the XULRunner engine. Following security problems were fixed : - Web forgery overwrite with div overlay. MFSA 2008-11 / CVE-2008-0594 - URL token stealing via stylesheet redirect. MFSA 2008-10 /...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5095)

This update brings Mozilla Thunderbird to security fix level of version 2.0.0.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592...

openSUSE 10 Security Update : epiphany (epiphany-5102)

The Mozilla XULRunner 1.8.1 engine was updated to security update version 1.8.1.12. This includes fixes for the following security issues : - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA...

FreeBSD : mozilla -- multiple vulnerabilities (810a5197-e0d9-11dc-891a-02061b08fc24)

The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - Web forgery overwrite with div overlay - URL token stealing via stylesheet...

openSUSE 10 Security Update : seamonkey (seamonkey-5012)

This update brings Mozilla SeaMonkey to security update version 1.8.1.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of...

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5002)

This update brings Mozilla Firefox to security update version 2.0.0.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5001)

This update brings Mozilla Firefox to security update version 2.0.0.12 Following security problems were fixed : - Web forgery overwrite with div overlay. MFSA 2008-11 / CVE-2008-0594 - URL token stealing via stylesheet redirect. MFSA 2008-10 / CVE-2008-0593 - Mishandling of locally-saved plain te...

Mozilla Foundation Security Advisory 2008-10

Mozilla Foundation Security Advisory 2008-10 Title: URL token stealing via stylesheet redirect Impact: Low Announced: February 7, 2008 Reporter: Martin Straka Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.12 SeaMonkey 1.1.8 Description Security researcher Martin Straka reported that...