1609 matches found
CVE-2026-9802 Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster restart
A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...
CVE-2026-9802
Keycloak contains a vulnerability where, with revokeRefreshToken=true and persistent session storage, a server restart can reset internal timing mechanisms, enabling a remote attacker who has captured a user’s refresh token to replay it after revocation. This can grant unauthorized access to the ...
CVE-2026-9802
A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...
Insufficient Session Expiration
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the startupTime reset during server restart when revokeRefreshToken=tr...
Langflow < 1.7.0 CORS Misconfiguration Account Takeover and RCE (CVE-2025-34291)
The version of Langflow installed on the remote host is prior to 1.7.0. It is, therefore, affected by a remote code execution vulnerability: - An overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origi...
Keycloak 代码问题漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has code-related vulnerabilities. These vulnerabilities arise when the revokeRefreshToken=true setting is enabled, and persistent session storage is used. A server restart can reset the internal...
Sensitive Cookie in HTTPS Session Without "Secure" Attribute
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute through the setTokenCookie function in the authentication service. An attacker can steal or replay the refreshtoken by intercepting it over plaintext HTTP o...
NPM: NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
NPM: NocoDB: Refresh Token Cookie Set Without secure and sameSite Flags vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
GHSA-F74W-272X-MQCV NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...
Langflow Origin Validation Error Vulnerability
Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh...
PT-2026-42676
Name of the Vulnerable Software and Affected Versions NocoDB affected versions not specified Description The refresh-token cookie is configured with httpOnly: true but lacks the secure flag and the sameSite attribute. The absence of the secure flag allows the cookie to be intercepted over plain...
PT-2026-42621
Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...
GO-2026-4966 monetr: Server-side request forgery in Lunch Flow link creation and refresh in github.com/monetr/monetr
monetr: Server-side request forgery in Lunch Flow link creation and refresh in github.com/monetr/monetr...
Astra Linux - уязвимость в thunderbird
If a Thunderbird user responded to a crafted HTML email containing a meta tag, where the meta tag had the http-equiv="refresh" attribute, and the content attribute specified a URL, then Thunderbird would initiate a network request to that URL, regardless of any configuration settings that block...
Astra Linux – Vulnerability in Flask
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...
Astra Linux - уязвимость в postgresql-11
A late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY operation in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. This feature enables the owner of the materialized view to run SQL functions, thereby allowing for the safe refreshing of...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021547)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021547 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drmmodevrefresh drmmodevrefresh is trying to avoid divi...
PT-2026-42370
monetr: Server-side request forgery in Lunch Flow link creation and refresh in github.com/monetr/monetr...
Nuxt: Reflected XSS in `navigateTo()` external redirect
Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...