Lucene search
K

13 matches found

OSV
OSV
added 2026/06/18 3:32 p.m.4 views

GHSA-WCPR-6G7X-P44R googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...

9.3CVSS5.9AI score0.00204EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 10:14 p.m.6 views

GHSA-XH5J-XJFQ-QVVX stigmem-node's federation peer token timestamp validation may reject valid peer tokens

Impact A mismatch in federation peer-token timestamp handling could cause valid peer tokens to be treated as expired. Impacted deployments are Stigmem nodes using federation peer authentication paths from affected versions. The primary impact is availability and reliability of authenticated...

7.1CVSS5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/07 12:0 p.m.9 views

RUSTSEC-2026-0144 `Program<System>` accepts arbitrary executable programs

Affected versions of anchor-lang did not properly validate accounts declared as Program. The generic Program validation path used Pubkey::default as a sentinel to decide whether any executable program should be accepted. Since the system program id is also the default pubkey, Program was treated...

8.2CVSS5.8AI score0.00246EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/09 12:10 p.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the logout handler in airflow-core/src/airflow/apifastapi/coreapi/routes/public/auth.py and the token validation path in airflow-core/src/airflow/apifastapi/auth/managers/baseauthmanager.py. An...

9.1CVSS5.8AI score0.00667EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-23278

Malware in sbrugna...

7.5CVSS7.4AI score0.01578EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2024-34602

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.01EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/25 3:12 p.m.8 views

CVE-2025-50178 GitForge.jl lacks validation for user provided fields

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the GitForge.getrepo function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not...

8.7CVSS0.00414EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/25 12:0 a.m.3 views

PT-2025-26860 · Unknown · Gitforge.Jl

Name of the Vulnerable Software and Affected Versions: GitForge.jl versions prior to 5.9.1 Description: The issue is related to a lack of input validation for user-provided values in certain functions. Specifically, in the GitHub.repo function, the repo name field can be set to any string, which ...

8.7CVSS6.4AI score0.00414EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/06/23 8:39 a.m.6 views

CVE-2025-6240

Improper Input Validation vulnerability in Profisee on Windows filesystem modules allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2...

4.9CVSS7.4AI score0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/29 9:34 p.m.6 views

CVE-2025-31198

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A path handling issue was addressed with improved validation...

4.8AI score0.00188EPSS
Exploits0References3
OSV
OSV
added 2025/05/27 6:0 p.m.5 views

GHSA-8R88-6CJ9-9FH5 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

Impact The library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best...

6.9CVSS7.2AI score0.00745EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.9 views

CVE-2021-29474

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...

5.8CVSS6.8AI score0.01599EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/02/05 6:30 a.m.10 views

Browsershot Path Traversal

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

8.8CVSS6.6AI score0.00437EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder