305 matches found
CVE-2025-56643
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...
PT-2025-47368
Name of the Vulnerable Software and Affected Versions: Wiki.js version 2.5.307. Description: Wiki.js does not properly revoke or invalidate active JWT tokens when a user logs out. This allows previously issued tokens to remain valid and be reused to access the system, even after logout. The issue...
CVE-2025-56643
CVE-2025-56643 affects Wiki.js 2.5.307. The root cause is in the authentication resolver logic, where active JWT tokens are not properly revoked or invalidated on user logout. This leaves previously issued tokens valid for GraphQL and logout endpoints, enabling potential unauthorized access if a ...
CVE-2024-21635
Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update the...
EUVD-2024-19274
Memos' Access Tokens Stay Valid after User Password Change...
Memos' Access Tokens Stay Valid after User Password Change
Summary: Access Tokens are used to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update their password. The bad actor, though, will still have...
GHSA-MR34-8733-GRR2 Memos' Access Tokens Stay Valid after User Password Change
Summary: Access Tokens are used to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update their password. The bad actor, though, will still have...
CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change
Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update the...
Mastodon Code Issue Vulnerability
Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A code issue vulnerability exists in Mastodon versions prior to 4.4.6, prior to 4.3.14, and prior to 4.2.27, which stems from an administrator failing to revoke active sessions and access tokens when...
EUVD-2014-0025
Malware in sbrugna...
EUVD-2018-0373
Malware in sbrugna...
EUVD-2017-0157
Malware in sbrugna...
EUVD-2014-0029
Malware in sbrugna...
EUVD-2021-1002
Malware in sbrugna...
EUVD-2014-0091
Malware in sbrugna...
EUVD-2025-4088
Malicious code in bioql PyPI...
EUVD-2023-1091
Malicious code in bioql PyPI...
EUVD-2022-34708
Malicious code in bioql PyPI...