16 matches found

EUVD
added 2026/06/19 1:17 p.m. · 8 views

EUVD-2026-38024

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

CVSS 6.3 · AI score 5.8 · EPSS 0.0043
Exploits 0 · References 1
NVD
added 2026/05/11 5:16 p.m. · 41 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVSS 7.5 · EPSS 0.00293
Exploits 0 · References 2
Positive Technologies
added 2026/05/11 12:00 a.m. · 17 views

PT-2026-39642

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVSS 7.5 · AI score 5.8 · EPSS 0.00293
Exploits 0 · References 3
OSV
added 2026/05/05 5:20 p.m. · 5 views

GHSA-H5FQ-653G-GXRM ots has a negative expire override that can bypass its secret retention policy

Summary The /api/create endpoint accepted negative expire query values. For the memory storage backend, negative values were passed to secret creation as a negative duration and treated as no expiry, allowing callers to create secrets that persisted longer than intended. Impact Unauthenticated...

CVSS 5.3 · AI score 5.7
Exploits 0 · References 4
CNNVD
added 2026/04/22 12:00 a.m. · 8 views

Spring Security Security Vulnerability

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. There are security vulnerabilities in versions of Spring Security 5.7.22 and earlier, 5.8.24 and earlier, 6.3.15 and earlier, 6.5.9 and earlier, and 7.0.4 and earlier...

CVSS 3.7 · AI score 5.8 · EPSS 0.00215
Exploits 0 · References 1
NVD
added 2026/03/24 7:16 p.m. · 4 views

CVE-2026-33527

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST...

CVSS 5.3 · EPSS 0.00255
Exploits 0 · References 5
Positive Technologies
added 2026/03/24 12:00 a.m. · 3 views

PT-2026-27481

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The password resets table includes a created at timestamp column, but the token validation logic never checks it. A password reset token remains valid...

CVSS 6.5 · AI score 5.7 · EPSS 0.00264
Exploits 1 · References 3
NVD
added 2025/11/30 5:16 a.m. · 8 views

CVE-2025-66432

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date...

CVSS 5 · EPSS 0.00197
Exploits 0 · References 3
Vulnrichment
added 2025/11/14 12:39 p.m. · 5 views

CVE-2025-8855 2FA Expiry Bypass in Optimus Software's Brokerage Automation

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

CVSS 8.1 · AI score 5.4 · EPSS 0.00341
Exploits 0 · References 2
Cvelist
added 2025/11/14 12:39 p.m. · 18 views

CVE-2025-8855 2FA Expiry Bypass in Optimus Software's Brokerage Automation

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

CVSS 8.1 · EPSS 0.00341
Exploits 0 · References 2
Positive Technologies
added 2024/09/11 12:00 a.m. · 5 views

PT-2024-7968 · Eclipse · Eclipse Dataspace Components

Name of the Vulnerable Software and Affected Versions: Eclipse Dataspace Components versions 0.5.0 through 0.9.0 Description: The issue is related to the ConsumerPullTransferTokenValidationApiController component, which has inadequate authentication procedures. This allows a remote attacker to...

CVSS 8.5 · AI score 7.8 · EPSS 0.00407
Exploits 0 · References 14
CNNVD
added 2024/07/02 12:00 a.m. · 7 views

SAMSUNG Mobile devices Authorization Issues Vulnerability

SAMSUNG Mobile devices are a range of mobile devices, including cell phones and tablets, from the South Korean company Samsung. An authorization issue vulnerability exists in SAMSUNG Mobile devices prior to version 1.8.17, which stems from an improper authentication issue in...

CVSS 7.5 · AI score 7 · EPSS 0.00483
Exploits 0 · References 2
Snyk
added 2024/02/20 6:45 p.m. · 2 views

Operation on a Resource after Expiration or Release

Overview Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release due to the password reset functionality. An attacker can accept an invitation for an unlimited amount of time by exploiting the lack of validation for the pending invitation's expiry...

CVSS 7.4 · AI score 7 · EPSS 0.00791
Exploits 0 · References 2
Positive Technologies
added 2022/09/13 12:00 a.m. · 2 views

PT-2022-23196 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 10.4.32 TYPO3 versions prior to 11.5.16 Description: The expiration time of a password reset link for TYPO3 backend users has never been evaluated, allowing a password reset link to be used even after the default expir...

CVSS 5.4 · AI score 5.3 · EPSS 0.00735
Exploits 0 · References 13
OSV
added 2020/07/14 6:15 p.m. · 5 views

CVE-2020-15074

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp...

CVSS 7.5 · AI score 7.1 · EPSS 0.01045
Exploits 0 · References 1
ATTACKERKB
added 2020/07/14 6:15 p.m. · 3 views

CVE-2020-15074

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp...

CVSS 7.5 · AI score 7.5 · EPSS 0.01045
Exploits 0 · References 3