7 matches found
CVE-2026-4349
A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...
EUVD-2026-12659
A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the attack...
CVE-2026-4349
A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...
CVE-2026-4349
CVE-2026-4349 affects Duende IdentityServer 4; vulnerable component is the Token Renewal Endpoint under /connect/authorize, where manipulation of the id_token_hint argument leads to improper authentication. The issue is described as remote-exploitable with high attack complexity, but the provided...
PT-2026-25949
A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id token hint causes improper authentication. It is possible to initiate the attack...
Duende IdentityServer 授权问题漏洞
Duende IdentityServer is an open-source framework developed by Duende for ASP.NET Core, which adheres to standard OpenID Connect and OAuth 2.x protocols. Duende IdentityServer has a vulnerability related to authorization. This vulnerability stems from incorrect handling of the parameter idtokenhi...
CVE-2025-3930
Strapi is affected by CVE-2025-3930 due to improper JWT handling: after logout or account deactivation, tokens are not invalidated, enabling an attacker to reuse stolen or intercepted tokens until their expiry. The presence of the publicly accessible /admin/renew-token endpoint further enables ne...