Skip to main content

CWE-1270

Generation of Incorrect Security Tokens

4 CVEs Avg CVSS 7.6 MITRE
2
CRITICAL
0
HIGH
2
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2025-59698 MEDIUM POC This Month

CVE-2025-59698 is a security vulnerability (CVSS 6.8) that allows a physically proximate attacker. Risk factors: public PoC available.

Information Disclosure Nshield 5c Firmware Nshield Connect Xc Mid Firmware Nshield Connect Xc Base Firmware Nshield Connect Xc High Firmware +1
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2023-22644 Go CRITICAL PATCH Act Now

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Manager Server
NVD GitHub
CVSS 4.0
9.4
EPSS
0.5%
CVE-2023-2882 CRITICAL Act Now

Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.0.3.4 Panel: v4.0.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-30524 Maven MEDIUM This Month

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Report Portal
NVD
CVSS 3.1
4.3
EPSS
0.4%
EPSS 0% CVSS 6.8
MEDIUM POC This Month

CVE-2025-59698 is a security vulnerability (CVSS 6.8) that allows a physically proximate attacker. Risk factors: public PoC available.

Information Disclosure Nshield 5c Firmware Nshield Connect Xc Mid Firmware +3
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Manager Server
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.0.3.4 Panel: v4.0.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Report Portal
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy