
111 matches found

Tenable Nessus (added 2026/06/16 12:00 a.m., 5 views)

Linux Distros Unpatched Vulnerability : CVE-2026-44188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access t...

CVSS 5.3, AI score 5.5, EPSS 0.00442
Exploits 0, References 2

NVD (added 2026/06/15 10:16 a.m., 11 views)

CVE-2026-44188

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they...

CVSS 5.3, EPSS 0.00442
Exploits 0, References 3

Vulnrichment (added 2026/06/15 8:36 a.m., 6 views)

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they...

CVSS 5.3, AI score 5.3, EPSS 0.00442
Exploits 0, References 3

Positive Technologies (added 2026/06/15 12:00 a.m., 9 views)

PT-2026-49189

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they...

CVSS 5.3, AI score 5.3, EPSS 0.00442
Exploits 0, References 4

NVD (added 2026/06/10 4:16 p.m., 7 views)

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

CVSS 7.2, EPSS 0.00393
Exploits 0, References 2

CVE (added 2026/06/10 2:57 p.m., 20 views)

CVE-2026-25700

CVE-2026-25700 relates to Apache Answer prior to version 2.0.1, where administrative tokens issued before an admin account was suspended, deleted, or deactivated were not invalidated. This allowed continued access to administrative APIs until those tokens expired. Affected product: Apache Answer ...

CVSS 7.2, AI score 5.4, EPSS 0.00393
Exploits 0, References 2, Affected Software 1

Cvelist (added 2026/06/10 2:57 p.m., 26 views)

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

EPSS 0.00393
Exploits 0, References 1

Vulnrichment (added 2026/06/10 2:57 p.m., 8 views)

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

AI score 5.4, EPSS 0.00393
Exploits 0, References 1

Positive Technologies (added 2026/06/08 12:00 a.m., 12 views)

PT-2026-47329

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

CVSS 7.1, AI score 5.5, EPSS 0.00271
Exploits 0, References 3

RedhatCVE (added 2026/06/05 7:51 p.m., 5 views)

CVE-2025-57735

When a user logged out, the JWT token the user had authenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

CVSS 9.1, AI score 5.4, EPSS 0.00667
Exploits 0, References 1

CNNVD (added 2026/05/11 12:00 a.m., 6 views)

Vaultwarden Code Issue Vulnerability

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden prior to 1.35.5 contained code vulnerabilities. These vulnerabilities stemmed from the fact that when a user’s security token was refreshed through certain sensitive...

CVSS 8.1, AI score 5.9, EPSS 0.00216
Exploits 1, References 1

OSV (added 2026/05/07 2:57 a.m., 4 views)

GHSA-258C-965C-P3HC Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change

Summary: A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens (JWTs) remain fully valid after a user changes their password. The JWT validation middleware CheckJWT only verifies token signature, expiry, issuer, and signing algorithm — it does not check...

CVSS 6.5, AI score 5.9
Exploits 0, References 2

EUVD (added 2026/05/05 3:31 a.m., 3 views)

EUVD-2026-27167

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

CVSS 9.8, AI score 5.8, EPSS 0.00458
Exploits 0, References 4

Snyk (added 2026/04/22 5:06 p.m., 3 views)

Guessable CAPTCHA

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Guessable CAPTCHA through the objects/getCaptcha.php process. An attacker can bypass CAPTCHA protections by manipulating the ql parameter to generate trivially sho...

CVSS 6.9, AI score 5.4, EPSS 0.00218
Exploits 1, References 2

CVE (added 2026/04/21 10:21 p.m., 15 views)

CVE-2026-40935

WWBN/AVideo (versions ≤ 29.0) is affected by a CAPTCHA bypass involving objects/getCaptcha.php. The ql parameter is read directly from the query string without clamping or sanitization, allowing an unauthenticated client to request a 1-character CAPTCHA word. Coupled with a case-insensitive strca...

CVSS 5.3, AI score 5.8, EPSS 0.00218
Exploits 1, References 2, Affected Software 1

Vulnrichment (added 2026/04/16 10:25 a.m., 3 views)

CVE-2025-12624 Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock

Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security...

CVSS 6, AI score 5.8, EPSS 0.00177
Exploits 0, References 1

Cvelist (added 2026/04/16 10:25 a.m., 28 views)

CVE-2025-12624 Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock

Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security...

CVSS 6, EPSS 0.00177
Exploits 0, References 1

Github Security Blog (added 2026/04/14 11:13 p.m., 5 views)

CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

Summary: objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...

CVSS 5.3, AI score 5.9, EPSS 0.00218
Exploits 1, References 4, Affected Software 1

Positive Technologies (added 2026/04/13 12:00 a.m., 3 views)

PT-2026-32403

When a user logged out, the JWT token the user had authenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

CVSS 9.1, AI score 5.8, EPSS 0.00667
Exploits 0, References 6

NVD (added 2026/04/09 11:16 a.m., 5 views)

CVE-2025-57735

When a user logged out, the JWT token the user had authenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

CVSS 9.1, EPSS 0.00667
Exploits 0, References 4