Lucene search

6 matches found

Github Security Blog
added 2026/06/05 4:43 p.m., 43 views

NocoDB: OAuth Tokens Persist Through Security Events

Summary: OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details: revokeAllOAuthTokensByUser in the users service was an empty stub bein...

CVSS: 6.3 | AI score: 5.5 | EPSS: 0.00295
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/06/05 12:0 a.m., 9 views

PT-2026-49060

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.05.1. Description: OAuth access and refresh tokens are not revoked when a user changes, resets, or recovers their password. This occurs because the revokeAllOAuthTokensByUser function in the users service was an emp...

CVSS: 6.3 | AI score: 5.9 | EPSS: 0.00295
Exploits: 0 | References: 9
OSV
added 2025/11/12 4:47 p.m., 1 views

MAL-2025-154673 Malicious code in dioago-kamo-ala (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3371a361974d6baba10d18340abf8a98d2837a7f942f44f9a6d52fee3b0f083f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 2 views

Malicious code in nodejs-cygnus-sync-markdown-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83ce14a4ddd7e7d11d764543dc23faf3d5934fb6001941a7c607b55b5975b389 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0
OSV
added 2025/11/12 4:29 a.m., 2 views

MAL-2025-146019 Malicious code in pegasus-callback-build-sequelize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa451bc61732e3800480939f0e2c59aacea12ed0549347ad33424411dbe39b55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSV
added 2025/11/11 7:1 a.m., 0 views

MAL-2025-98722 Malicious code in frantic_slug_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c904b9ebcda8835c3296a759911689c3207d8550a4c0ca63a8b9fd5e3fc7c9ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0