Astra Linux – Vulnerability in bind9

In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions of BIND 9 Supported Preview Edition such as 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1, as well as the release version 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANSDDIFUNCCTL It appears that the ICL may hang when using an MCE if we set TRANSVRRVMAX/FLIPLINE before enabling TRANSDDIFUNCCTL. Personally, I was only able to reproduce a han...

Astra Linux – Vulnerability in Firefox

There was a potential “use-after-free” vulnerability in SVG images if the Refresh Driver was destroyed at an inappropriate time. This could lead to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering that it had inadvertentl...

PT-2026-50982

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description An arbitrary address write issue exists in the reference AV1 codec implementation. A missing bounds check in the Scalable Video Coding SVC layer ID control function allows an attacker to injec...

GHSA-XQXV-4JC2-X56X ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

Summary Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

PT-2026-50741

Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description The OAuth2 / OIDC CodeExchange and RefreshToken implementations fail to validate that the requesting client matches the client that originally initiated th...

NPM: NocoDB: Refresh Tokens Persist Through Password Recovery

NPM: NocoDB: Refresh Tokens Persist Through Password Recovery vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

NocoDB: Refresh Tokens Persist Through Password Recovery

Summary A stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. Details passwordChange and passwordReset deleted the user's refresh tokens, but passwordForgot only rotated tokenversion and revoked OAuth tokens — it did...

PT-2026-50474

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A stolen refresh token persists after a password-forgot flow, allowing it to be used to generate new JSON Web Tokens JWTs even after a user resets their password. While the passwordChange and...

EUVD-2026-36787

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...

CVE-2026-50889

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)

!NOTE The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior rate limiting, transient errors which is beyond the attacker's control. Impact is reduced auth...

Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes

Description Symfony\Component\HtmlSanitizer\Visitor\AttributeSanitizer\UrlAttributeSanitizer::getSupportedAttributes enumerates the attribute names whose values are scrubbed through UrlSanitizer::sanitize scheme and host allow-lists, javascript: rejection, BiDi check, etc.. The list is 'src',...

PT-2026-49330

Name of the Vulnerable Software and Affected Versions LLDAP version 0.6.2 Description An input handling flaw in the HTTP refresh token process allows attackers to cause a Denial of Service DoS, which is a condition where a service becomes unavailable to its intended users, by sending a crafted...

CVE-2026-50889

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...

CVE-2026-50889

CVE-2026-50889 references an input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 that enables Denial of Service (DoS) when a crafted refresh-token header is sent. The connected sources consistently describe the same vulnerability in LLDAP 0.6.2’s refresh-token handling, but do n...

EUVD-2026-36612

OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially...

CVE-2026-53824

OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially...

CVE-2026-53824

Mattermost/OpenClaw before 2026.4.24 contains a token revocation lag vulnerability where revoked slash tokens can still execute commands briefly during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior after revocation, potentially enabling una...