Vikunja: Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

Title Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade Description Vikunja's link share authentication constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner deletes a link share or...

CVE-2023-43134

There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management...

NVIDIA Omniverse Workstation Launcher Security Vulnerability

NVIDIA Omniverse Launcher is an easily extensible open platform from NVIDIA. Built for virtual collaboration and real-time physically accurate simulations. A security vulnerability exists in the NVIDIA Omniverse Workstation Launcher, which stems from a security issue in the authentication process...

PT-2023-2764 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request...

CVE-2022-4861

Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource...