CVE-2026-34362 AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...

keycloak-core: One Time Passcode (OTP) is valid longer than expiration timeSeverity

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds default. Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passco...

CVE-2024-1764

Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...

UBUNTU-CVE-2020-11027

In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously...

sshd-1.x-2.x-login.txt

Date: Sat, 23 Jan 1999 17:06:44 -0500 From: KuRuPTioN To: [email protected] Subject: SSH 1.x and 2.x Daemon There seems to be incomplete code in the SSH daemon in both versions 1.2.27 and 2.0.11 only tested. The bug simply allows users who with expired accounts in /etc/shadow to continue to...