1610 matches found

RedhatCVE
added 2026/01/09 8:46 a.m. | 5 views

CVE-2025-23488

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abolfazl Sabagh rng-refresh allows Reflected XSS. This issue affects rng-refresh: from n/a through = 1.0...

CVSS 7.1 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/27 12:0 a.m. | 6 views

NewStart CGSL MAIN 7.02 : libpq Multiple Vulnerabilities (NS-SA-2025-0255)

The remote NewStart CGSL host, running version MAIN 7.02, has libpq packages installed that are affected by multiple vulnerabilities: - Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH...

CVSS 8.8 | AI score 8.4 | EPSS 0.04422
Exploits: 1 | References: 11
CNNVD
added 2025/12/24 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a RAC refresh enabled when booting from TP1 on the BCM6358, which could cause the kernel to crash...

AI score 6.1 | EPSS 0.00173
Exploits: 0 | References: 7
OSV
added 2025/12/17 7:16 p.m. | 3 views

CVE-2025-13324

Mattermost versions 10.11.x = 10.11.5, 11.0.x = 11.0.4, 10.12.x = 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy version 1 protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to...

CVSS 3.7 | AI score 6.9
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/17 10:3 a.m. | 16 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVSS 5.4 | AI score 6.9 | EPSS 0.00138
Exploits: 0 | References: 1
Microsoft CVE
added 2025/12/17 9:2 a.m. | 8 views

ext4: refresh inline data size before write operations

...

CVSS 5.5 | AI score 5.3 | EPSS 0.0018
Exploits: 0
EUVD
added 2025/12/15 3:30 p.m. | 9 views

EUVD-2025-203377

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVSS 5.4 | AI score 6.4 | EPSS 0.00138
Exploits: 0 | References: 2
OSV
added 2025/12/15 3:30 p.m. | 3 views

GHSA-QHMC-3MVR-F2J4 django-allauth does not reject access tokens for inactive users

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVSS 5.4 | AI score 6.8 | EPSS 0.00138
Exploits: 0 | References: 6
Github Security Blog
added 2025/12/15 3:30 p.m. | 10 views

django-allauth does not reject access tokens for inactive users

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVSS 5.4 | AI score 7 | EPSS 0.00138
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2025/12/15 2:15 p.m. | 4 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 1
PyPA
added 2025/12/15 2:15 p.m. | 11 views

PYSEC-2025-110

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVSS 5.4 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2025/12/15 2:15 p.m. | 5 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVSS 5.4 | EPSS 0.00138
Exploits: 0 | References: 1
OSV
added 2025/12/15 2:15 p.m. | 4 views

PYSEC-2025-110

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVSS 5.4 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 2
OSV
added 2025/12/15 2:15 p.m. | 7 views

UBUNTU-CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVSS 5.4 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/15 12:0 a.m. | 3 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

AI score 6.6 | EPSS 0.00138
Exploits: 0 | References: 1
Cvelist
added 2025/12/15 12:0 a.m. | 22 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

EPSS 0.00138
Exploits: 0 | References: 1
CVE
added 2025/12/15 12:0 a.m. | 28 views

CVE-2025-65430

CVE-2025-65430 affects allauth-django prior to 65.13.0. The issue arises when an IdP marks a user as is_active=False after tokens have been issued for that user, leaving active tokens potentially usable. The root cause is that marking the user inactive had no effect on existing tokens. The publis...

CVSS 5.4 | AI score 6.6 | EPSS 0.00138
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2025/12/13 4:36 a.m. | 7 views

Improper Session Invalidation

org.keycloak, keycloak-services is vulnerable to Improper session invalidation. The vulnerability is due to offline sessions remaining valid even after the offline_access scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...

CVSS 5.4 | AI score 6.6 | EPSS 0.00272
Exploits: 0 | References: 10 | Affected Software: 1
RedhatCVE
added 2025/12/08 1:11 p.m. | 3 views

CVE-2025-34291

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration allow_origins='*' with allow_credentials=True combined with a refresh token cookie configured as SameSite=None allows a malicio...

CVSS 9.4 | AI score 8.4 | EPSS 0.7889
Exploits: 3 | References: 1
GithubExploit
added 2025/12/06 2:41 a.m. | 424 views

Exploit for CVE-2025-66478

fix-react2shell-next One...

AI score 7.1
Exploits111