Lucene search
K

4 matches found

Snyk
Snyk
added 2026/06/12 11:7 a.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to a race condition in the AbstractOAuthDataProvider method when handling refresh tokens if the recycleRefreshTokens...

9.1CVSS5.4AI score0.00294EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.12 views

CVE-2026-50631

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

7.4CVSS0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 8:59 a.m.11 views

EUVD-2026-36399

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

7.4CVSS5.2AI score0.00294EPSS
Exploits0References1
OSV
OSV
added 2025/02/21 1:35 p.m.3 views

OESA-2025-1143 qt6-qtnetworkauth security update

Qt6 - NetworkAuth component Security Fixes: QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.CVE-2024-36048...

9.8CVSS7AI score0.0097EPSS
Exploits0References2
Rows per page
Query Builder