32 matches found
Use of a Key Past its Expiration Date
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the reuse of a previously resolved bearer authentication configuration in the gateway after a SecretRef rotation. An attacker can maintain...
CVE-2026-35462
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...
CVE-2026-3237
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...
CVE-2026-3237
In Octopus Server, a low-privileged user could exploit an API endpoint with insufficient permission validation to modify the signing key expiration and revocation time frames. The issue affects the API layer but does not allow exposure of signing keys. CVSS v4.0 base score 2.3 (LOW) with network ...
Octopus Server Security Vulnerability
Octopus Server is a deployment automation and release management tool provided by the Australian company Octopus, designed for continuous delivery. There is a security vulnerability in Octopus Server, which stems from incorrect permission validation for API endpoints. This vulnerability could all...
Medium: cni-plugins
Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); crypto/tls: Config.Clone copies...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993073)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993073 advisory. In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation. The expiry time of a key is unconditionall...
CVE-2025-48813
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally...
EUVD-2025-34355
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally...
Virtual Secure Mode Spoofing Vulnerability
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally...
EUVD-2001-0273
Malware in sbrugna...
EUVD-2022-4322
Malicious code in bioql PyPI...
Use of a Key Past its Expiration Date
Overview: Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date in the CreateOIDCJWTProfileClient function, which doesn't sufficiently check token expiry times for Authorization Grants. An attacker can obtain valid access tokens by using an expired JWT key...
CVE-2025-31123
CVE-2025-31123 — Zitadel (open-source identity infrastructure): A vulnerability exists where Zitadel fails to properly check the expiration date of the JWT key when used for Authorization Grants. An attacker with an expired key can obtain valid access tokens, while the JWT Profile for OAuth 2.0 ...
Linux Distros Unpatched Vulnerability : CVE-2024-36031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation. The expiry time of a key is...
kernel: keys: Fix overwrite of key expiration on instantiation
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation. The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set ...
Conduit Security Vulnerabilities
Conduit is a simple, fast and reliable chat server from the individual developer Timo Kösters. A security vulnerability exists in Conduit versions prior to v0.8.0, which stems from a key expiration that is not taken into account when verifying signatures, which could lead to an attacker using the...