106 matches found
CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
EUVD-2026-3691
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
Keycloak security vulnerabilities
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the TokenManager class’s inability to perform atomic validation and updates during the processing of refresh tokens. This issue may allow...
CVE-2025-15116
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
EUVD-2025-205489
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2025-15116
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2025-15116
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2025-15116
CVE-2025-15116 affects OpenCart up to 4.1.0.3, due to a race condition in the Single-Use Coupon Handler. The issue can be triggered remotely with high attack complexity; exploitation has been publicly released and the vendor reportedly did not respond. Red Hat and other sources corroborate the Op...
CVE-2025-15116 OpenCart Single-Use Coupon race condition
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2025-15116 OpenCart Single-Use Coupon race condition
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
PT-2025-53631
Name of the Vulnerable Software and Affected Versions OpenCart versions prior to 4.1.0.4 Description A security issue exists in OpenCart related to the Single-Use Coupon Handler component. Manipulation of this component can lead to a race condition. The issue can be exploited remotely and is...
EUVD-2024-32087
Malicious code in bioql PyPI...
EUVD-2025-29069
Malicious code in bioql PyPI...
CVE-2010-20115 Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption
Arcane Software’s Vermillion FTP Daemon vftpd versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and...
Improper Authorization
authentik is vulnerable to Improper Authorization. The vulnerability is due to missing session validation for single-use tokens in RAC endpoints, which allows an attacker to reuse a valid token from a shared URL to access another user’s session...
CVE-2025-53709
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...
CVE-2024-3501
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...
CVE-2024-3501
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...
CVE-2024-3501 Exposure of Sensitive Information in lunary-ai/lunary
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...
CVE-2024-3501 Exposure of Sensitive Information in lunary-ai/lunary
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...