Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13101 matches found

Tenable Nessus
Tenable Nessusadded 2026/04/22 12:0 a.m.1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013813)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013813 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in userclusterconnect userclusterdisconnect frees conn-ccprivate which is ...

5.3AI score0.00063EPSS
Exploits0References4
NVD
NVDadded 2026/04/21 10:16 p.m.2 views

CVE-2026-40946

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelate...

9.2CVSS0.00068EPSS
Exploits0References1
NVD
NVDadded 2026/04/21 10:16 p.m.2 views

CVE-2026-40945

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

8.7CVSS0.00069EPSS
Exploits0References1
NVD
NVDadded 2026/04/21 10:16 p.m.1 views

CVE-2026-40939

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...

6.8CVSS0.00025EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/21 9:18 p.m.3 views

CVE-2026-40946

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelate...

9.2CVSS5.7AI score0.00068EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/04/21 9:18 p.m.3 views

EUVD-2026-24512

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelate...

9.2CVSS5.7AI score0.00068EPSS
Exploits0References1
CVE
CVEadded 2026/04/21 9:18 p.m.13 views

CVE-2026-40946

Oxia (metadata store and coordination system) prior to version 0.16.2 allows OIDC tokens to bypass standard audience validation. The root cause is that the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling aud claim validati...

9.2CVSS5.7AI score0.00068EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/21 9:18 p.m.27 views

CVE-2026-40946 Oxia: OIDC token audience validation bypass via SkipClientIDCheck

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelate...

9.2CVSS0.00068EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/21 9:18 p.m.1 views

CVE-2026-40946 Oxia: OIDC token audience validation bypass via SkipClientIDCheck

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelate...

9.2CVSS5.7AI score0.00068EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/21 9:16 p.m.1 views

EUVD-2026-24511

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

8.7CVSS5.8AI score0.00069EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/21 9:16 p.m.1 views

CVE-2026-40945

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

8.7CVSS5.8AI score0.00069EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/21 9:16 p.m.25 views

CVE-2026-40945 Oxia: Bearer token exposed in debug log messages on authentication failure

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

8.7CVSS0.00069EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/21 9:9 p.m.1 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS5.8AI score0.00057EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/21 9:9 p.m.2 views

EUVD-2026-24496

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS5.8AI score0.00057EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/21 9:9 p.m.26 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS0.00057EPSS
Exploits0References3
CVE
CVEadded 2026/04/21 9:7 p.m.6 views

CVE-2026-40939

The CVE concerns the Data Sharing Framework (DSF). Before version 2.1.0, OIDC-authenticated sessions had no maximum inactivity timeout, allowing sessions to persist indefinitely after login and token expiry. The issue is fixed in v2.1.0. Affected components are DSF FHIR and BPE servers with OIDC ...

6.8CVSS5.8AI score0.00025EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/21 9:7 p.m.1 views

CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...

6.8CVSS5.8AI score0.00025EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/21 9:7 p.m.1 views

CVE-2026-40939

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...

6.8CVSS5.8AI score0.00025EPSS
Exploits0References5Affected Software4
Cvelist
Cvelistadded 2026/04/21 9:7 p.m.29 views

CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...

6.8CVSS0.00025EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletinsadded 2026/04/21 6:47 p.m.8 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules.

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to multiple node modules. Vulnerability Details CVEID:CVE-2026-33036 DESCRIPTION:...

8.2CVSS6.8AI score0.00152EPSS
Exploits7Affected Software1
Rows per page
Query Builder