245 matches found
EUVD-2026-38681
The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...
CVE-2026-53928
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...
CVE-2026-46550
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it t...
CVE-2026-46550 NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it t...
CVE-2026-46550
NocoDB’s CVE-2026-46550 concerns the refresh-token cookie being set with httpOnly but without Secure and SameSite attributes prior to 2026.04.1. The root cause is in setTokenCookie(), which emitted a cookie with only httpOnly (and possibly domain), leaving it vulnerable to interception over HTTP ...
CVE-2026-53928
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...
NocoDB: Refresh Tokens Persist Through Password Recovery
Summary A stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. Details passwordChange and passwordReset deleted the user's refresh tokens, but passwordForgot only rotated tokenversion and revoked OAuth tokens — it did...
PT-2026-50474
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A stolen refresh token persists after a password-forgot flow, allowing it to be used to generate new JSON Web Tokens JWTs even after a user resets their password. While the passwordChange and...
EUVD-2026-36787
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...
CVE-2026-50889
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...
PT-2026-49330
Name of the Vulnerable Software and Affected Versions LLDAP version 0.6.2 Description An input handling flaw in the HTTP refresh token process allows attackers to cause a Denial of Service DoS, which is a condition where a service becomes unavailable to its intended users, by sending a crafted...
CVE-2026-50889
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...
CVE-2026-50889
CVE-2026-50889 references an input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 that enables Denial of Service (DoS) when a crafted refresh-token header is sent. The connected sources consistently describe the same vulnerability in LLDAP 0.6.2’s refresh-token handling, but do n...
CVE-2026-50631
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
EUVD-2026-36399
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
PT-2026-48850
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart
A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...
CVE-2026-46398
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...