71 matches found
Elastic Kibana 安全漏洞
Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana. This vulnerability stems from issues with operations after resources expire or terminate. As a result, time-limited access tokens can still be used beyon...
CVE-2026-40942
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...
EUVD-2025-208649
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...
CVE-2025-13723
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...
CVE-2025-13723
IBM Sterling Partner Engagement Manager (Essentials and Standard Editions) versions 6.2.3.0–6.2.3.5 and 6.2.4.0–6.2.4.2 are affected by a vulnerability that could allow an attacker to obtain sensitive user information via expired access tokens. Root cause described in Red Hat and NVD records is a...
CVE-2025-13723 IBM Sterling Partner Engagement Manager Information Disclosure
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...
IBM Sterling Partner Engagement Manager 安全漏洞
IBM Sterling Partner Engagement Manager is an automated management tool provided by IBM Corporation. Versions of IBM Sterling Partner Engagement Manager prior to 6.2.3.5 and 6.2.4.2 contain security vulnerabilities. These vulnerabilities stem from the risk that attackers may use expired access...
CVE-2026-27968
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968 Packistry accepts expired access tokens
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968 Packistry accepts expired access tokens
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968 Packistry accepts expired access tokens
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
Tattile Smart+ 代码问题漏洞
Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. There are code-related vulnerabilities in Tattile Smart+, Vega, and Basic 1.181.5 and earlier versions. These vulnerabilities stem from an inadequate mechanism for handling expired authentication...
EUVD-2025-202325
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743 Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743
Docker Desktop
CVE-2025-13743 Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
PT-2025-50250
Name of the Vulnerable Software and Affected Versions Docker Desktop affected versions not specified Description Docker Desktop diagnostics bundles include expired Hub PATs Personal Access Tokens in log output because of error object serialization. This can lead to the leakage of sensitive...
EUVD-2025-199923
In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date...