Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1991 matches found

NVD
NVDadded 2025/12/15 2:15 p.m.2 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

5.4CVSS0.00039EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/12/15 12:0 a.m.17 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

0.00039EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/12/15 12:0 a.m.2 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

6.6AI score0.00039EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2025/12/12 12:0 a.m.4 views

Ubuntu 22.04 LTS : OpenStack Keystone vulnerabilities (USN-7926-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7926-1 advisory. Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain...

7.5CVSS6.8AI score0.00466EPSS
Exploits2References4
RedhatCVE
RedhatCVEadded 2025/12/11 8:33 p.m.2 views

CVE-2025-66406

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

5CVSS6.8AI score0.00027EPSS
Exploits0References2
OSV
OSVadded 2025/12/11 2:24 p.m.0 views

USN-7926-1 keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

7.5CVSS6.4AI score0.00466EPSS
Exploits2References4
Ubuntu
Ubuntuadded 2025/12/11 2:24 p.m.3 views

USN-7926-1: OpenStack Keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

7.5CVSS6.8AI score0.00466EPSS
Exploits2
OSV
OSVadded 2025/12/08 9:31 p.m.1 views

GO-2025-4181 step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates

step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates...

5CVSS6.8AI score0.00027EPSS
Exploits0References2
Packet Storm News
Packet Storm Newsadded 2025/12/07 12:0 a.m.1 views

Managed TLS under Migration: Authentication Authority across CDN and Hosting Transitions

Managed TLS has become a common approach for deploying HTTPS, with platforms generating and storing private keys and automating certificate issuance on behalf of domain operators. This model simplifies operational management but shifts control of authentication material from the domain owner to t...

6.8AI score
Exploits0
NVD
NVDadded 2025/12/03 8:16 p.m.4 views

CVE-2025-66406

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

5CVSS0.00027EPSS
Exploits0References1
Snyk
Snykadded 2025/12/03 7:45 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization during the SSH certificate revocation when the SSHPOP provisioner is configured. An attacker can revoke SSH certificates without proper authorization by exploiting insufficient checks during the revocation proces...

5.9CVSS6.5AI score0.00027EPSS
Exploits0References2
Snyk
Snykadded 2025/12/03 7:45 p.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization during the SSH certificate revocation when the SSHPOP provisioner is configured. An attacker can revoke SSH certificates without proper authorization by exploiting insufficient checks during the revocation proces...

5.9CVSS6.5AI score0.00027EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/12/03 7:13 p.m.1 views

CVE-2025-66406 Improper Authorization Check for SSH Certificate Revocation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

5CVSS6.4AI score0.00027EPSS
Exploits0References1
EUVD
EUVDadded 2025/12/03 7:13 p.m.3 views

EUVD-2025-201014

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

5CVSS6.3AI score0.00027EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/12/03 7:13 p.m.11 views

CVE-2025-66406 Improper Authorization Check for SSH Certificate Revocation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

5CVSS0.00027EPSS
Exploits0References1
OSV
OSVadded 2025/12/03 7:13 p.m.2 views

CVE-2025-66406 Improper Authorization Check for SSH Certificate Revocation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

5CVSS6.7AI score0.00027EPSS
Exploits0References3
CVE
CVEadded 2025/12/03 7:13 p.m.6 views

CVE-2025-66406

CVE-2025-66406 affects Step CA (github.com/smallstep/certificates). Before version 0.29.0, there is an improper authorization check for SSH certificate revocation, impacting deployments configured with the SSHPOP provisioner. The root cause is inadequate authorization on revocation requests; the ...

5CVSS6.4AI score0.00027EPSS
Exploits0References1
AlpineLinux
AlpineLinuxadded 2025/12/03 7:13 p.m.2 views

CVE-2025-66406

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

5CVSS6.8AI score0.00027EPSS
Exploits0
OSV
OSVadded 2025/12/03 4:27 p.m.1 views

GHSA-J7C9-79X7-8HPR step-ca Has Improper Authorization Check for SSH Certificate Revocation

Summary An authorized attacker can bypass authorization checks and revoke any SSH certificate issued by Step CA by using a valid revocation token. Details Step CA users can obtain SSH certificates from a few provisioners. The SSHPOP provisioner allows revocation of the SSH certificate preventing...

5CVSS6.3AI score0.00027EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2025/12/03 4:27 p.m.4 views

step-ca Has Improper Authorization Check for SSH Certificate Revocation

Summary An authorized attacker can bypass authorization checks and revoke any SSH certificate issued by Step CA by using a valid revocation token. Details Step CA users can obtain SSH certificates from a few provisioners. The SSHPOP provisioner allows revocation of the SSH certificate preventing...

5CVSS6.4AI score0.00027EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder