3 matches found
CVE-2026-43983 Pocket ID: OIDC refresh token flow bypasses authorization revocation, account disabling, and group restrictions
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, The createTokenFromRefreshToken function oidcservice.go validates the refresh token's cryptographic integrity but does not re-validate the user's current authorization state befor...
EVerest 安全漏洞
EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained security vulnerabilities. These vulnerabilities stemmed from issues with the WithdrawAuthorization function processing events before TransactionStarted,...
EUVD-2018-14306
Malware in sbrugna...