23 matches found
CVE-2026-2974
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
org.keycloak.services.resources.organizations: Keycloak: Unauthorized organization registration via improper invitation token validation
A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token JWT payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an...
org.keycloak.services.resources.organizations: Keycloak: Unauthorized organization registration via improper invitation token validation
A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token JWT payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an...
CVE-2026-1529
CVE-2026-1529 affects Keycloak. An attacker can craft/modify a legitimate invitation token’s JWT payload to change the organization ID and target email, exploiting a lack of cryptographic signature verification to self-register into an unauthorized organization and gain access. The vulnerability ...
CVE-2025-62601
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...
UBUNTU-CVE-2025-62601
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...
CVE-2025-64098 FastDDS has Out-of-memory in readOctetVector via Manipulated DATA Submessage when DDS Security is enabled
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory OOM...
EUVD-2025-206657
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...
CVE-2025-62602
Fast DDS has a heap buffer overflow in the DATA Submessage when DDS Security is enabled, caused by tampering with PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN (readOctetVector) that can overflow length calculation and trigger large allocations leading to OOM and remote denial of service. Affected ...
CVE-2025-62600
eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...
CVE-2025-62600 FastDDS has Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when DDS Security is enabled
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory OOM...
Webkul QloApps 安全漏洞
Webkul QloApps is a hotel reservation management software from Webkul. A security vulnerability exists in Webkul QloApps version 1.7.0 and earlier, which stems from the incorrect manipulation of the parameter token in the CSRF Token Handler component, which could lead to authorization bypass...
CVE-2021-21474
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidatin...
CLSA-2024-1726769233 krb5: Fix of 2 CVEs
CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap token to avoid appearing truncated to application - CVE-2024-37371: fix invalid memory reads during GSS message token handling...
AMD EPYC Buffer Error Vulnerability
AMD EPYC is a line of x86 architecture server microprocessors from AMD, known in Chinese as Xiaolong, which utilizes the Zen microarchitecture. The AMD EPYC suffers from a security vulnerability that originates from the inability to validate the value in the APCB, a privileged attacker may be abl...
PT-2023-12086 · Suse · Suse
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the failure to validate the value in APCB, which may allow a privileged attacker to tamper with the APCB token. This tampering...
CVE-2023-4659
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an...
CVE-2021-35530
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
PT-2020-7931
Name of the Vulnerable Software and Affected Versions: jws versions prior to 3.0.0 Description: The issue allows a malicious actor to modify the contents of a JWT while still passing verification, potentially leading to a complete authentication bypass. This can be achieved by exploiting the...
CSRF Magic has an unspecified vulnerability
CSRF Magic is a CSRF Cross Site Request Forgery protection library for PHP applications. A security vulnerability in the 'csrfcallback' function in CSRF Magic 2016-03-27 and prior versions stems from a program that allows an attacker to tamper with csrf token values. A remote attacker can exploit...