CVEs classified under CWE-1259, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2024-36533 — CVSS 9.8 (critical): Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's…
CVE-2024-29371 — CVSS 7.5 (high): In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token…
CVE-2026-25700 — CVSS 7.2 (high): Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0…
CVE-2025-56207 — CVSS 6.5 (medium): A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721…
CVE-2024-4598 — CVSS 6.5 (medium): An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator…
CVE-2025-51306 — CVSS 6.5 (medium): In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without…
CVE-2025-27955 — CVSS 6.5 (medium): Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote…
CVE-2024-36111 — CVSS 6.3 (medium): KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The…
CVE-2025-56676 — CVSS 5.4 (medium): TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset…
CVE-2025-50579 — CVSS 5.3 (medium): A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due…
CVE-2024-45448 — CVSS 4.1 (medium): Page table protection configuration vulnerability in the trusted firmware module Impact: Successful exploitation of this vulnerability may…
CVE-2024-41948 — CVSS 3.0 (low): biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party…
CVE-2026-40264 — CVSS 2.7 (low): OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version…