Lucene search
K

47 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-12867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by...

5.9CVSS6.5AI score0.0125EPSS
Exploits0References2
OSV
OSV
added 2025/08/19 5:43 a.m.4 views

BIT-JENKINS-2024-9453 Jenkins-image: sensitive data disclosure when using openshift jenkins image

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if th...

6.5CVSS6.8AI score0.00344EPSS
Exploits0References3
OSV
OSV
added 2025/07/24 9:15 p.m.2 views

CVE-2025-31952

HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access...

7.1CVSS5.8AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/24 9:1 p.m.8 views

CVE-2025-31952 HCL iAutomate is affected by an insufficient session expiration

HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access...

7.1CVSS0.00318EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/07/16 2:9 p.m.5 views

File Browser’s insecure JWT handling can lead to session replay attacks after logout

Summary File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWE's listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...

9.8CVSS6.5AI score0.00498EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2025/06/27 3:3 p.m.13 views

CVE-2025-52553 authentik has Insufficient Session verification for Remote Access Control endpoint access

authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, howev...

5.5CVSS0.00405EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.28 views

CVE-2024-8642

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

8.1CVSS7AI score0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/10 12:0 a.m.12 views

CVE-2021-35473

An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4...

7AI score0.00404EPSS
Exploits0References2
OSV
OSV
added 2024/09/11 3:31 p.m.83 views

GHSA-8259-2X72-2GVC Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

7.3CVSS8.1AI score0.00407EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/09/11 3:31 p.m.31 views

Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

8.1CVSS7.2AI score0.00407EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2024/09/11 2:15 p.m.50 views

CVE-2024-8642

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

8.1CVSS0.00407EPSS
Exploits0References4
OSV
OSV
added 2024/09/11 1:34 p.m.29 views

CVE-2024-8642 Eclipse EDC: Consumer pull transfer token validation checks not applied

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

5CVSS7.2AI score0.00407EPSS
Exploits0References8
CVE
CVE
added 2024/09/11 1:34 p.m.93 views

CVE-2024-8642

CVE-2024-8642 affects Eclipse Dataspace Components: versions 0.5.0 up to before 0.9.0 suffer from a missing token validity check in ConsumerPullTransferTokenValidationApiController (expiry, not-before, issuance date). This can enable bypass of token expiration protections when a dataplane is conf...

8.1CVSS8.1AI score0.00407EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/09/11 12:0 a.m.4 views

Eclipse Dataspace Components 安全漏洞

Eclipse Dataspace Components is a development connector for Eclipse Dataspace Components open source. A security vulnerability exists in Eclipse Dataspace Components version 0.5.0 through versions prior to 0.9.0 that stems from not checking for token validity, which could allow an attacker to...

8.1CVSS6.4AI score0.00407EPSS
Exploits0References5
OSV
OSV
added 2024/05/13 2:57 p.m.17 views

GHSA-93X3-M7PW-PPQM Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after t...

7.3CVSS7.2AI score0.01186EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/05/13 2:57 p.m.23 views

Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after t...

7.3CVSS6.6AI score0.01186EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.5 views

PT-2023-19303 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 3.8.0 Description: The issue concerns the refresh token in vantage6, a privacy-preserving federated learning infrastructure, which is currently valid indefinitely. This is considered bad security practice. The refre...

8.8CVSS8.5AI score0.00571EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/01/05 12:0 a.m.4 views

PT-2023-14817 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.14 on the stable branch Discourse versions prior to 3.0.0.beta15 on the beta and tests-passed branches Description: Discourse is an option source discussion platform. When a user requests a password reset link...

8.1CVSS7.9AI score0.00679EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2021/08/13 12:0 a.m.2 views

PT-2021-21813 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.8 Discourse versions prior to 2.8.0.beta4 Description: The issue concerns the email verification process in Discourse. When adding an extra email address to an existing account, an email token is generated. If...

7.5CVSS7.4AI score0.00833EPSS
Exploits0References6
Veracode
Veracode
added 2020/09/25 3:51 a.m.26 views

Insecure Error Handling

github.com/ory/fosite does not securely handle errors from the server. The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid and may lead to unexpected behaviors in the server...

8CVSS2.2AI score0.01588EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder