2487 matches found
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from the V8 engine's lack of effective protection against concurrent access to shared resources, which can be exploited by an attacker to execute arbitrary code on...
CVE-2025-55705
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...
CVE-2025-55705 EVMAPA Insufficient Session Expiration
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...
CVE-2025-55705
CVE-2025-55705 involves charging-station backends allowing multiple simultaneous connections with the same station ID due to insufficient session management and expiration controls. Affected component is the charging-station/session backend; outcome includes unauthorized access, data inconsistenc...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37800)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37800 advisory. - In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer...
PT-2026-4302
Name of the Vulnerable Software and Affected Versions Charging station software affected versions not specified Description The system allows multiple simultaneous connections to the backend using the same charging station ID. This can lead to unauthorized access, data inconsistency, or...
EVMAPA code-related vulnerabilities
EVMAPA is a navigation app for electric vehicle charging stations developed by Daniel Jurik. EVMAPA has code-related vulnerabilities. These vulnerabilities stem from the system’s ability to allow multiple concurrent connections using the same charging station ID, along with insufficient session...
Azure Linux 3.0 Security Update: kernel (CVE-2025-22060)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22060 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory...
Azure Linux 3.0 Security Update: kernel (CVE-2024-47741)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47741 advisory. - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race setting file private on...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the validateTokenReuse method in the TokenManager class. ...
CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
UBUNTU-CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
CVE-2026-1035 Org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via toctou race condition
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
CVE-2026-1035 Org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via toctou race condition
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
EUVD-2026-3691
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
CVE-2026-1035
CVE-2026-1035 describes a race condition in Keycloak’s TokenManager when strict refresh token rotation is enabled: the validation/update of refresh token usage is not atomic, allowing concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from one refresh to...
CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
PT-2026-3754
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
Keycloak security vulnerabilities
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the TokenManager class’s inability to perform atomic validation and updates during the processing of refresh tokens. This issue may allow...