5 matches found
keycloak: org.keycloak.authentication: Keycloak: Unauthorized account takeover via WebAuthn token replay
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the lack of validation for the nonce parameter in the authentication process. An attacker can gain unauthorized access by replaying a previously obtained valid ID token, allowing...
EUVD-2025-203920
Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate invite tokens after use which allows malicious actors who have intercepted invite tokens to manipulate channel memberships including adding or removing users from private channels via token replay attack...
PT-2025-44280
Name of the Vulnerable Software and Affected Versions: Jenkins SAML Plugin versions 4.583.vc68232f7018a and earlier. Description: The Jenkins SAML Plugin does not implement a replay cache. This allows attackers who can gather information about the SAML authentication process between a user's web...
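The four entries above share one root cause: a token, nonce or assertion that was meant to be accepted once (a Keycloak action token, an OIDC nonce, a Mattermost invite token, a SAML assertion) can be presented again. The mitigation in every case is a replay cache: record each identifier the first time it is accepted and reject it afterwards, keeping the record at least until the token's own expiry. The following is an added, generic illustration of that mechanism; it is not code from Keycloak, Mattermost, Jenkins or any other project named on this page, and the token values, timestamps and claim dictionaries in `demo()` are constructed for the example.

```python
"""Single-use token / nonce replay cache (added illustration, not vendor code)."""
import hashlib
import hmac
import threading
import time
from typing import Dict, Optional


class ReplayCache:
    """Records identifiers that have already been accepted so a second
    presentation of the same token, nonce or assertion ID is rejected.

    Entries live until the token's own expiry, so the cache is bounded by the
    validity window the issuer chose. In a cluster the store must be shared by
    every node that accepts the token (a database or Redis); the in-process
    dict used here only protects one instance.
    """

    def __init__(self) -> None:
        self._seen: Dict[str, float] = {}   # digest(token id) -> expiry time
        self._lock = threading.Lock()

    @staticmethod
    def _key(token_id: str) -> str:
        # Keep a digest, not the raw token, so a leaked cache is not a
        # collection of still-valid credentials.
        return hashlib.sha256(token_id.encode("utf-8")).hexdigest()

    def consume(self, token_id: str, expires_at: float, now: Optional[float] = None) -> bool:
        """Return True exactly once per token_id inside its validity window.

        Check-and-record happens under a single lock so two concurrent
        presentations of the same token cannot both succeed.
        """
        now = time.time() if now is None else now
        key = self._key(token_id)
        with self._lock:
            self._prune(now)
            if expires_at <= now:
                return False            # expired: never accepted, even unseen
            if key in self._seen:
                return False            # replay of an already-consumed token
            self._seen[key] = expires_at
            return True

    def _prune(self, now: float) -> None:
        # Drop records whose token can no longer be valid anyway.
        for key in [k for k, exp in self._seen.items() if exp <= now]:
            del self._seen[key]

    def size(self) -> int:
        return len(self._seen)


def accept_invite(cache: ReplayCache, invite_token: str, expires_at: float, now: float) -> bool:
    """Invite-link flow: the token is single-use, so a copied link fails on the second use."""
    return cache.consume("invite:" + invite_token, expires_at, now)


def accept_saml_assertion(cache: ReplayCache, assertion_id: str, not_on_or_after: float, now: float) -> bool:
    """SAML flow: key the cache on the assertion ID and keep it until NotOnOrAfter."""
    return cache.consume("saml:" + assertion_id, not_on_or_after, now)


def verify_oidc_nonce(expected_nonce: str, id_token_claims: dict) -> bool:
    """OIDC flow: the nonce the client generated must come back in the ID token.

    Constant-time comparison; a missing claim is a failure, not a pass.
    """
    presented = str(id_token_claims.get("nonce", ""))
    return hmac.compare_digest(expected_nonce.encode("utf-8"), presented.encode("utf-8"))


def demo() -> dict:
    """Walk through first use, replay, expiry and nonce checks on constructed data."""
    cache = ReplayCache()
    t0 = 1_700_000_000.0                      # constructed reference time
    results = {}
    results["invite_first"] = accept_invite(cache, "inv-abc", t0 + 3600, t0)
    results["invite_replay"] = accept_invite(cache, "inv-abc", t0 + 3600, t0 + 5)
    results["saml_first"] = accept_saml_assertion(cache, "_a1", t0 + 300, t0)
    results["saml_replay"] = accept_saml_assertion(cache, "_a1", t0 + 300, t0 + 60)
    results["saml_after_expiry"] = accept_saml_assertion(cache, "_a1", t0 + 300, t0 + 301)
    results["nonce_ok"] = verify_oidc_nonce("n1", {"nonce": "n1"})
    results["nonce_missing"] = verify_oidc_nonce("n1", {})
    results["entries_after_prune"] = cache.size()   # only the invite record remains
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cache key is namespaced (`invite:`, `saml:`) so an identifier from one flow cannot satisfy another, and the record is kept exactly as long as the issuer's own expiry, which is the minimum needed to make "accept once" hold; pruning earlier would reopen the replay window the Jenkins and Mattermost entries describe.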
TaleLin Lin-CMS-Flask Access Control Error Vulnerability
TaleLin Lin-CMS-Flask is a content management system framework. An access control error vulnerability exists in TaleLin Lin-CMS-Flask, stemming from incorrect access control in Lin-CMS-Flask v0.1.1, which could be exploited by an attacker to obtain sensitive information and/or because the...