19 matches found
GHSA-JP3F-X449-4Q75 Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow, which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request. Mattermo...
Astra Linux - vulnerability in plasma-workspace
In KDE Plasma Workspaces, also known as plasma-workspace, prior to version 5.27.11.1 and, in the 6.x series, before version 6.0.5.1, connections were made via ICE purely based on the host system. This means that all local connections were accepted. This allowed another user on the same machine to gain access t...
GO-2026-4656 Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange in github.com/pocket-id/pocket-id/backend
Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange in github.com/pocket-id/pocket-id/backend...
CVE-2026-28513
Pocket ID is an OIDC provider. Before version 2.4.0, the token endpoint could accept an authorization code that is expired when the client ID is correct, enabling cross-client code reuse and expired-code reuse. The issue is fixed in 2.4.0. No exploitation path details are provided beyond that, an...
CVE-2026-28513
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse...
CVE-2026-28513 Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse...
GHSA-QH6Q-598W-W6M2 Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange
Summary: The OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse. Details: backend/internal/service/oidcservice.go:407: `if authorizationCodeMetaData.ClientID != input.ClientI...`
EUVD-2008-5655
Malware in sbrugna...
FedP3E: Privacy-Preserving Prototype Exchange for Non-IID IoT Malware Detection in Cross-Silo Federated Learning
As IoT ecosystems continue to expand across critical sectors, they have become prominent targets for increasingly sophisticated and large-scale malware attacks. The evolving threat landscape, combined with the sensitive nature of IoT-generated data, demands detection frameworks that are both...
SUSE CVE-2016-8635
It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group...
USN-5744-1: libICE vulnerability
It was discovered that libICE was using a weak mechanism to generate the session cookies. A local attacker could possibly use this issue to perform a privilege escalation attack...
[SECURITY] [DLA 2002-1] libice security update
Package: libice. Version: 2:1.0.9-1+deb8u1. CVE ID: CVE-2017-2626. It has been found that libice, an X11 Inter-Client Exchange library, uses weak entropy to generate keys. Using arc4random_buf from libbsd should avoid this flaw. For Debian 8 "Jessie", this problem has been fixed in version...
DEBIAN-CVE-2016-8635
It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group...
DEBIAN-CVE-2017-2626
It was discovered that libICE before 1.0.9-8 used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list...
Session fixation
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnom...
CVE-2008-5684
CVE-2008-5684 affects Sun Solaris 8–10 and OpenSolaris before snv_85 due to a libICE issue; allows context-dependent denial of service, shown by a port-scan-triggered segmentation fault in gnome-session. Connected docs reference Xsun/X11 patches for Solaris 10, but explicit libICE remediation det...
CVE-2008-5684
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnom...