306 matches found
EUVD-2023-1091
Malicious code in bioql PyPI...
EUVD-2022-4277
Malicious code in bioql PyPI...
EUVD-2023-0552
Malicious code in bioql PyPI...
traQ Allows Insertion of Sensitive Information into Log File
Impact A vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an...
Linux Distros Unpatched Vulnerability : CVE-2018-1000211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access token...
GHSA-F7GQ-H8JV-H3CQ ash_authentication_phoenix has Insufficient Session Expiration
Impact Session tokens remain valid on the server after user logout, creating a security gap where: - Compromised tokens via XSS, network interception, or device theft continue to work even after the user logs out - The sessions stored in the database still expire, limiting the duration during whi...
CVE-2018-1000211
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry...
USN-7394-1: Doorkeeper vulnerabilities
Jonathan Clem and Justin Bull discovered that Doorkeeper could allow arbitrary token revocation and replay attacks. An attacker could possibly use this issue to gain unauthorized access to a system. CVE-2016-6582 It was discovered that Doorkeeper incorrectly handled storing client names. An...
USN-7394-1 ruby-doorkeeper vulnerabilities
Jonathan Clem and Justin Bull discovered that Doorkeeper could allow arbitrary token revocation and replay attacks. An attacker could possibly use this issue to gain unauthorized access to a system. CVE-2016-6582 It was discovered that Doorkeeper incorrectly handled storing client names. An...
Linux Distros Unpatched Vulnerability : CVE-2022-2447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from whe...
CVE-2025-25202
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
GitLab Enterprise Edition和GitLab Community Edition 代码问题漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A code issue exists in GitLab Enterprise Edition EE and GitLab Community Edition CE,...
Gitlab -- Vulnerabilities
Gitlab reports: A CSP-bypass XSS in merge-request page Denial of Service due to Unbounded Symbol Creation Exfiltrate content from private issues using Prompt Injection A custom permission may allow overriding Repository settings Internal HTTP header leak via route confusion in workhorse SSRF via...
CVE-2025-25202
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
CVE-2025-25202
CVE-2025-25202 affects Ash Authentication (Elixir) in installations bootstrapped with the igniter installer from v4.1.0 up to but not including v4.4.9. The issue is that magic link tokens—as well as tokens revoked manually—could be verified as valid even after revocation, effectively making magic...
CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Impact Applications which have been bootstrapped by the new igniter installer since AshAuthentication v4.1.0 and who have used the magic link strategy, password resets, confirmation, or are manually revoking tokens are affected by revoked tokens being allowed to verify as valid. If you did not us...
GHSA-QRM9-F75W-HG4C Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Impact Applications which have been bootstrapped by the new igniter installer since AshAuthentication v4.1.0 and who have used the magic link strategy, password resets, confirmation, or are manually revoking tokens are affected by revoked tokens being allowed to verify as valid. If you did not us...