CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has been generated befo...

5.3CVSS7.3AI score0.00131EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:55 a.m.•7 views

CVE-2024-28196

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger actions, such as...

6.5CVSS6.5AI score0.00244EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:46 a.m.•4 views

CVE-2024-28193

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...

6.5CVSS6.4AI score0.004EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 1:2 a.m.•5 views

CVE-2024-28195

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery CSRF. Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the...

8.8CVSS7AI score0.00488EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 12:55 a.m.•3 views

CVE-2024-28194

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token JWT secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...

9.8CVSS7.1AI score0.0022EPSS

Exploits1References1

NVD•added 2024/03/13 9:16 p.m.•12 views

CVE-2024-28193

6.5CVSS6.3AI score0.004EPSS

Exploits1References1

NVD•added 2024/03/13 9:16 p.m.•8 views

CVE-2024-28192

5.3CVSS5.5AI score0.00131EPSS

Exploits1References1

Prion•added 2024/03/13 9:16 p.m.•13 views

Sql injection

5CVSS7.5AI score0.00131EPSS

Exploits1References1

Prion•added 2024/03/13 9:16 p.m.•21 views

Design/Logic Flaw

4CVSS6.7AI score0.004EPSS

Exploits1References1

Cvelist•added 2024/03/13 8:19 p.m.•17 views

CVE-2024-28193 Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify

6.5CVSS6.5AI score0.004EPSS

Exploits1References1

CVE•added 2024/03/13 8:19 p.m.•74 views

CVE-2024-28193

The CVE affects YourSpotify

6.5CVSS6.3AI score0.004EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/03/13 8:19 p.m.•18 views

CVE-2024-28193 Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify

6.5CVSS6.7AI score0.004EPSS

Exploits1References1

OSV•added 2024/03/13 8:19 p.m.•7 views

CVE-2024-28193 Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify

6.5CVSS6.2AI score0.004EPSS

Exploits1References3

CVE•added 2024/03/13 8:15 p.m.•28 views

CVE-2024-28192

The CVE-2024-28192 entry concerns YourSpotify, an open source self-hosted Spotify tracking dashboard. A NoSQL injection flaw exists in the public access token processing logic for versions before 1.8.0, allowing an attacker to fully bypass the public token authentication mechanism without user in...

5.3CVSS5.5AI score0.00131EPSS

Exploits1References1Affected Software1

NVD•added 2024/03/13 7:15 p.m.•10 views

CVE-2024-28194

9.8CVSS9.3AI score0.0022EPSS

Exploits1References1

Prion•added 2024/03/13 7:15 p.m.•19 views

Design/Logic Flaw

6.4CVSS7.3AI score0.0022EPSS

Exploits1References1

Rows per page