32 matches found
EUVD-2020-18482
Malware in sbrugna...
EUVD-2019-11426
Malware in sbrugna...
EUVD-2019-13429
Malware in sbrugna...
EUVD-2025-13498
Malicious code in bioql PyPI...
EUVD-2024-37377
Malicious code in bioql PyPI...
CVE-2024-6337
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...
CVE-2024-5816
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This...
CVE-2019-20889
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation...
CVE-2025-22249 VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
VMware Aria Automation contains a DOM-based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged-in user of the VMware Aria Automation appliance by tricking the user into clicking a maliciously crafted payload URL...
CVE-2025-22249
CVE-2025-22249 is a DOM-based Cross-Site Scripting (XSS) flaw in VMware Aria Automation. Affected product: VMware Aria Automation (8.18.x line). Root cause: DOM-based XSS that enables an attacker to steal the access token of a logged-in user by convincing the user to click a malicious crafted pay...
CVE-2024-51987 HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect
Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenID Connect access tokens. HTTP clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...
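The cross-user mix-up in the entry above, as an added illustration that is not code from Duende.AccessTokenManagement. It assumes one shape of the bug that the truncated snippet only hints at: the refreshed token ends up in state shared by every caller of one HttpClient (modelled here as an instance field on a shared pipeline handler). The hardened variant keeps no per-user state on the shared object and resolves the token from the calling user's own session entry on every request. Names, the token store and the refresh routine are constructed stand-ins.

```python
# Constructed model of a per-user access-token handler (not Duende's code).
from dataclasses import dataclass
from typing import Dict, Optional, Tuple, Type


@dataclass
class Token:
    access_token: str
    subject: str       # user the token was issued for
    expires_at: float  # epoch seconds


class SessionTokenStore:
    """Per-user token storage keyed by subject (stand-in for the cookie/session store)."""

    def __init__(self) -> None:
        self._tokens: Dict[str, Token] = {}

    def get(self, subject: str) -> Token:
        return self._tokens[subject]

    def put(self, token: Token) -> None:
        self._tokens[token.subject] = token


def refresh_token(token: Token, now: float) -> Token:
    """Stand-in for the refresh-token grant against the identity provider (constructed)."""
    return Token(f"at-{token.subject}-refreshed", token.subject, now + 3600)


class LeakyHandler:
    """Vulnerable pattern (assumed bug shape): one handler instance serves every user,
    and the most recently refreshed token is kept in an instance field that later
    requests from *any* user reuse."""

    def __init__(self, store: SessionTokenStore) -> None:
        self.store = store
        self._cached: Optional[Token] = None

    def authorization_header(self, subject: str, now: float) -> str:
        token = self._cached if self._cached is not None else self.store.get(subject)
        if token.expires_at <= now:
            token = refresh_token(token, now)
            self.store.put(token)
            self._cached = token  # BUG: a per-user secret stored on a shared object
        return f"Bearer {token.access_token}"


class ScopedHandler:
    """Hardened pattern: the shared handler holds no per-user state. The token is
    looked up for the calling subject on every request and, after a refresh,
    written back only to that subject's own entry."""

    def __init__(self, store: SessionTokenStore) -> None:
        self.store = store

    def authorization_header(self, subject: str, now: float) -> str:
        token = self.store.get(subject)
        if token.expires_at <= now:
            token = refresh_token(token, now)
            self.store.put(token)
        if token.subject != subject:
            raise RuntimeError("token does not belong to the calling user")
        return f"Bearer {token.access_token}"


def demo(handler_cls: Type) -> Tuple[str, str]:
    """Alice's token has expired and gets refreshed; Bob then sends a request through
    the same handler. Returns the Authorization values Alice and Bob end up sending."""
    store = SessionTokenStore()
    now = 1_700_000_000.0
    store.put(Token("at-alice-original", "alice", now - 1))  # already expired
    store.put(Token("at-bob-original", "bob", now + 3600))   # still valid
    handler = handler_cls(store)
    alice_header = handler.authorization_header("alice", now)
    bob_header = handler.authorization_header("bob", now)
    return alice_header, bob_header


if __name__ == "__main__":
    print("leaky :", demo(LeakyHandler))   # Bob sends Alice's refreshed token
    print("scoped:", demo(ScopedHandler))  # each user sends their own token
```

With the leaky handler Bob's request carries Alice's freshly refreshed bearer token, which is exactly the impact the advisory describes; the scoped handler also fails closed if a token for the wrong subject ever reaches the request.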
CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...
CVE-2024-5816
CVE-2024-5816 – GitHub Enterprise Server : An Incorrect Authorization flaw allows a suspended GitHub App to retain access to repositories via a scoped user access token. Impact is limited to public repositories; private repos are not affected. Affected: all GitHub Enterprise Server versions prior...
CVE-2024-5816 Improper authorization allows persistent access in GitHub Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This...
CVE-2024-38505
In JetBrains YouTrack before 2024.2.34646, a user access token was sent to a third-party site...
CVE-2024-38505
JetBrains YouTrack (versions prior to 2024.2.34646) is affected by CVE-2024-38505 due to insufficient protection in the Access Token Handler, allowing user access tokens to be sent to a third-party site. The issue could permit unauthorized access to protected information. Remediation: upgrade to ...
GitHub: GitHub Apps can access suspended installations via scoped user-to-server tokens
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This vulnerability was only exploitable in public repositories. The vulnerability affected all versions of...
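The authorization rule behind the GitHub Enterprise Server entries above (a user-to-server token minted for a GitHub App must stop working once the App's installation is suspended, whether or not the repository is public), as an added illustration that is not GitHub's code. The "vulnerable" variant assumes one plausible shape of the bug, public-repository reads short-circuiting before the installation state is consulted, which the advisories do not confirm; the data classes and scenario data are constructed.

```python
# Constructed model of user-to-server token authorization (not GHES code).
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple


@dataclass(frozen=True)
class Installation:
    installation_id: int
    app_id: int
    suspended: bool
    repo_ids: FrozenSet[int]  # repositories the installation was granted on


@dataclass(frozen=True)
class UserToServerToken:
    app_id: int
    installation_id: int
    user: str


@dataclass(frozen=True)
class Repository:
    repo_id: int
    public: bool


def authorize_vulnerable(token: UserToServerToken, inst: Installation, repo: Repository) -> bool:
    """Assumed bug shape: public repos are readable by anyone, so the check returns
    early and never looks at whether the token's installation is suspended."""
    if repo.public:
        return True
    if token.app_id != inst.app_id or token.installation_id != inst.installation_id:
        return False
    if inst.suspended:
        return False
    return repo.repo_id in inst.repo_ids


def authorize_fixed(token: UserToServerToken, inst: Installation, repo: Repository) -> bool:
    """Decide the token's own validity first: a suspended installation invalidates
    every token derived from it, regardless of repository visibility."""
    if token.app_id != inst.app_id or token.installation_id != inst.installation_id:
        return False
    if inst.suspended:
        return False
    if repo.public:
        return True
    return repo.repo_id in inst.repo_ids


def run_scenarios() -> Dict[str, Tuple[bool, bool]]:
    """Returns {scenario: (vulnerable_decision, fixed_decision)} for constructed inputs."""
    app_id = 7
    active = Installation(100, app_id, suspended=False, repo_ids=frozenset({1, 2}))
    suspended = Installation(100, app_id, suspended=True, repo_ids=frozenset({1, 2}))
    public_repo = Repository(1, public=True)
    private_repo = Repository(2, public=False)
    token = UserToServerToken(app_id, 100, "alice")
    foreign = UserToServerToken(app_id=8, installation_id=100, user="alice")
    cases = {
        "active/public": (token, active, public_repo),
        "active/private": (token, active, private_repo),
        "suspended/public": (token, suspended, public_repo),
        "suspended/private": (token, suspended, private_repo),
        "wrong-app/public": (foreign, active, public_repo),
    }
    return {
        name: (authorize_vulnerable(t, i, r), authorize_fixed(t, i, r))
        for name, (t, i, r) in cases.items()
    }


if __name__ == "__main__":
    for name, (vuln, fixed) in run_scenarios().items():
        print(f"{name:18} vulnerable={vuln!s:5} fixed={fixed!s:5}")
```

The only row where the two decisions differ is "suspended/public", matching the advisories' statement that the flaw was exploitable in public repositories only; the fixed order of checks also refuses a token from a different App before repository visibility is ever considered.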