Lucene search
K

313 matches found

NVD
NVD
added 2025/12/15 2:15 p.m.6 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

5.4CVSS0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.23 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.3 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

6.6AI score0.00138EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/12 12:0 a.m.6 views

Ubuntu 22.04 LTS : OpenStack Keystone vulnerabilities (USN-7926-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7926-1 advisory. Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain...

7.5CVSS6.8AI score0.01319EPSS
Exploits2References4
OSV
OSV
added 2025/12/11 2:24 p.m.3 views

USN-7926-1 keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

7.5CVSS6.4AI score0.01319EPSS
Exploits2References4
Ubuntu
Ubuntu
added 2025/12/11 2:24 p.m.4 views

USN-7926-1: OpenStack Keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

7.5CVSS6.8AI score0.01319EPSS
Exploits2
EUVD
EUVD
added 2025/11/18 12:0 a.m.5 views

EUVD-2025-198058

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...

6.5AI score0.00332EPSS
Exploits0References2
CVE
CVE
added 2025/11/18 12:0 a.m.17 views

CVE-2025-56643

CVE-2025-56643 affects Wiki.js 2.5.307. The root cause is in the authentication resolver logic, where active JWT tokens are not properly revoked or invalidated on user logout. This leaves previously issued tokens valid for GraphQL and logout endpoints, enabling potential unauthorized access if a ...

9.1CVSS6.6AI score0.00332EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/18 12:0 a.m.8 views

CVE-2025-56643

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...

0.00332EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 12:0 a.m.4 views

CVE-2025-56643

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...

6.6AI score0.00332EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.4 views

PT-2025-47368

Name of the Vulnerable Software and Affected Versions Wiki.js version 2.5.307 Description Wiki.js does not properly revoke or invalidate active JWT tokens when a user logs out. This allows previously issued tokens to remain valid and be reused to access the system, even after logout. The issue...

9.1CVSS6.7AI score0.00332EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/17 9:7 a.m.6 views

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

7.5CVSS6.5AI score0.00254EPSS
Exploits1References1
OSV
OSV
added 2025/11/14 10:9 p.m.3 views

GHSA-MR34-8733-GRR2 Memos' Access Tokens Stay Valid after User Password Change

Summary Access Tokens are used to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. The bad actor though will still have...

7.1CVSS6.9AI score0.00254EPSS
Exploits1References6
EUVD
EUVD
added 2025/11/14 10:9 p.m.8 views

EUVD-2024-19274

Memos' Access Tokens Stay Valid after User Password Change...

7.1CVSS6.4AI score0.00254EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/14 10:9 p.m.7 views

Memos' Access Tokens Stay Valid after User Password Change

Summary Access Tokens are used to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. The bad actor though will still have...

7.5CVSS7AI score0.00254EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2025/11/14 3:15 p.m.8 views

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

7.5CVSS0.00254EPSS
Exploits1References1
OSV
OSV
added 2025/11/14 2:11 p.m.7 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

7.1CVSS6.4AI score0.00254EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/14 2:11 p.m.3 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

7.1CVSS6.1AI score0.00254EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.5 views

Mastodon 代码问题漏洞

Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A code issue vulnerability exists in Mastodon versions prior to 4.4.6, prior to 4.3.14, and prior to 4.2.27, which stems from an administrator failing to revoke active sessions and access tokens when...

3.5CVSS7AI score0.00197EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-0029

Malware in sbrugna...

4.9CVSS6.1AI score0.01488EPSS
Exploits0References16
Rows per page
Query Builder