Lucene search
K

37 matches found

EUVD
EUVD
added 2026/07/02 8:31 p.m.10 views

EUVD-2026-37817

Steeltoe's static JWKS cache shared across schemes and never invalidated...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 9:30 p.m.13 views

EUVD-2026-36791

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.3AI score0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 p.m.12 views

CVE-2026-11931

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS0.00115EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 6:33 p.m.35 views

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS0.00115EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 6:33 p.m.91 views

CVE-2026-11931

CVE-2026-11931 affects Kiro IDE on macOS and Linux prior to version 0.11.133, where the authentication token cache file could be world-readable (0644) instead of owner-restricted (0600). This may allow other local users/processes to access cached tokens. Remediation: upgrade to Kiro IDE 0.11.133 ...

6.8CVSS5.3AI score0.00115EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 6:33 p.m.9 views

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.4AI score0.00115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49284

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.4AI score0.00115EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.12 views

CVE-2026-40942

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS5.5AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 10:16 p.m.6 views

CVE-2026-40942

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS0.00291EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 9:9 p.m.3 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 9:9 p.m.6 views

EUVD-2026-24496

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 9:9 p.m.32 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS0.00291EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 9:9 p.m.13 views

CVE-2026-40942

The DSF vulnerability CVE-2026-40942 affects the OIDC JWKS and Metadata Document caches (and the OIDC token cache for FHIR client connections) prior to version 2.1.0, where an inverted time comparison (isBefore vs isAfter) caused the cache to never return cached values and never invalidate, resul...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.6 views

PT-2026-34186

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/15 7:19 p.m.10 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 7:19 p.m.8 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References2
OSV
OSV
added 2026/04/15 7:19 p.m.5 views

GHSA-XMJ9-7625-F634 Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache

Affected Components - DSF FHIR Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server API v2 process plugins using FHIR client connections with configured OIDC authentication. Summa...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/15 7:19 p.m.13 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/15 7:19 p.m.10 views

Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache

Affected Components - DSF FHIR Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server API v2 process plugins using FHIR client connections with configured OIDC authentication. Summa...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2026/04/06 5:17 p.m.13 views

CVE-2026-35030

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, when JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20...

9.4CVSS0.0049EPSS
Exploits1References7
Rows per page
Query Builder