Lucene search
+L

106 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/21 5:52 a.m.3 views

CVE-2026-1035

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...

3.1CVSS5.4AI score0.00282EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/21 5:52 a.m.5 views

EUVD-2026-3691

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...

3.1CVSS5.4AI score0.00282EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.10 views

Keycloak security vulnerabilities

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the TokenManager class’s inability to perform atomic validation and updates during the processing of refresh tokens. This issue may allow...

3.1CVSS5.8AI score0.00282EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/29 2:3 p.m.5 views

CVE-2025-15116

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

6.3CVSS4.1AI score0.00382EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/28 3:30 a.m.5 views

EUVD-2025-205489

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

6.3CVSS5.7AI score0.00382EPSS
Exploits1References6
NVD
NVD
added 2025/12/28 3:15 a.m.9 views

CVE-2025-15116

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

6.3CVSS0.00382EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/12/28 2:2 a.m.3 views

CVE-2025-15116

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

6.3CVSS4.5AI score0.00382EPSS
Exploits1References5
CVE
CVE
added 2025/12/28 2:2 a.m.15 views

CVE-2025-15116

CVE-2025-15116 affects OpenCart up to 4.1.0.3, due to a race condition in the Single-Use Coupon Handler. The issue can be triggered remotely with high attack complexity; exploitation has been publicly released and the vendor reportedly did not respond. Red Hat and other sources corroborate the Op...

6.3CVSS4.2AI score0.00382EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/12/28 2:2 a.m.46 views

CVE-2025-15116 OpenCart Single-Use Coupon race condition

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

6.3CVSS0.00382EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/28 2:2 a.m.6 views

CVE-2025-15116 OpenCart Single-Use Coupon race condition

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

6.3CVSS4.2AI score0.00382EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.9 views

PT-2025-53631

Name of the Vulnerable Software and Affected Versions OpenCart versions prior to 4.1.0.4 Description A security issue exists in OpenCart related to the Single-Use Coupon Handler component. Manipulation of this component can lead to a race condition. The issue can be exploited remotely and is...

6.3CVSS6.1AI score0.00382EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32087

Malicious code in bioql PyPI...

9.1CVSS9.2AI score0.00403EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-29069

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.50118EPSS
Exploits14References3
Cvelist
Cvelist
added 2025/08/21 8:15 p.m.12 views

CVE-2010-20115 Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption

Arcane Software’s Vermillion FTP Daemon vftpd versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and...

9.3CVSS0.0086EPSS
Exploits0References7
Veracode
Veracode
added 2025/07/17 5:6 a.m.8 views

Improper Authorization

authentik is vulnerable to Improper Authorization. The vulnerability is due to missing session validation for single-use tokens in RAC endpoints, which allows an attacker to reuse a valid token from a shared URL to access another user’s session...

9.6CVSS6.1AI score0.00405EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/07/10 7:15 p.m.32 views

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

5.4CVSS0.00166EPSS
Exploits0References1
OSV
OSV
added 2024/11/14 6:15 p.m.15 views

CVE-2024-3501

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...

8.1CVSS6.7AI score0.00403EPSS
Exploits0References2
NVD
NVD
added 2024/11/14 6:15 p.m.25 views

CVE-2024-3501

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...

9.1CVSS0.00403EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/14 5:34 p.m.15 views

CVE-2024-3501 Exposure of Sensitive Information in lunary-ai/lunary

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...

9.1CVSS8.7AI score0.00403EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/14 5:34 p.m.28 views

CVE-2024-3501 Exposure of Sensitive Information in lunary-ai/lunary

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...

9.1CVSS0.00403EPSS
Exploits0References2
Rows per page
Query Builder