Lucene search
K

14 matches found

NVD
NVD
added yesterday4 views

CVE-2026-46455

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

9.8CVSS0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-46455

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

6AI score0.00152EPSS
Exploits0References2Affected Software1
CVE
CVE
added yesterday9 views

CVE-2026-46455

CVE-2026-46455 affects Apache Camel with the camel-keycloak component. The security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) that only enforces subject and issuer, but omits the default IS_ACTIVE check. Consequently, the verifie...

9.8CVSS6AI score0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-46455 Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 5:38 p.m.3 views

EUVD-2025-37118

Malicious code in epic-offline-token-verifier-node npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/10/30 5:38 p.m.2 views

MAL-2025-49175 Malicious code in epic-offline-token-verifier-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d755e02a54f806e25e06d5d8ba4fd6ade573af32d55fbabf9180d2967448a446 The package epic-offline-token-verifier-node was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/30 5:38 p.m.4 views

Malicious code in epic-offline-token-verifier-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d755e02a54f806e25e06d5d8ba4fd6ade573af32d55fbabf9180d2967448a446 The package epic-offline-token-verifier-node was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2024/04/09 3:11 p.m.1 views

GHSA-HW42-3568-WJ87 google-oauth-java-client improperly verifies cryptographic signature

Summary The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the signature before verifying the claims e.g., iss, aud, etc.. Signature verification makes sure that the token's payload comes from valid provider, not from someone...

7.3CVSS6.8AI score0.00287EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/25 1:42 p.m.5 views

google-oauth-client: Token signature not verified

A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/07/13 12:0 a.m.9 views

The vulnerability of the IDToken verifier in the client-side Java OAuth library allows a perpetrator to load arbitrary files.

The vulnerability of the IDToken verifier in the client Java OAuth library is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to download arbitrary files remotely...

7.5CVSS7.3AI score0.00287EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2022/06/07 1:52 p.m.4 views

google-oauth-client: Token signature not verified

A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2021/03/12 10:39 p.m.4 views

@solid/community-server (=0.4.1) potentially affected by unknown CVE via @solid/identity-token-verifier (=0.4.3)

@solid/identity-token-verifier NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on @solid/identity-token-verifier and may be impacted: - @solid/community-server =0.4.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XMH9-RG6F-J3MR...

5.8AI score
Exploits0
OSV
OSV
added 2021/03/12 10:39 p.m.11 views

GHSA-XMH9-RG6F-J3MR Verification flaw in Solid identity-token-verifier

Impact Severity Any Pod on a Solid server using a vulnerable version of the identity-token-verifier library is at risk of a spoofed Demonstration of Proof-of-Possession DPoP token binding. This vulnerability could give total and complete access to a targeted Pod. Summary A verification flaw in th...

6.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/03/12 10:39 p.m.50 views

Verification flaw in Solid identity-token-verifier

Impact Severity Any Pod on a Solid server using a vulnerable version of the identity-token-verifier library is at risk of a spoofed Demonstration of Proof-of-Possession DPoP token binding. This vulnerability could give total and complete access to a targeted Pod. Summary A verification flaw in th...

1AI score
Exploits0References5Affected Software1
Rows per page
Query Builder