CVE-2026-35462
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...
GHSA-HM8Q-7F3Q-5F36 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
Summary: Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...
CVE-2025-40831
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service condition of the report...
CVE-2025-40831
SINEC Security Monitor prior to V4.10.0 is affected by an input validation flaw in the date parameter of the report generation function. This could allow an authenticated, low-priv attacker to cause a denial-of-service condition in the report feature. Mitigation: upgrade to V4.10.0 or later (per ...
Frappe Technologies Frappe Security Vulnerability
Frappe Technologies Frappe is a web development framework based on Python and MariaDB, with integrated front-end pages, from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe version 15.57.5, which stems from insufficient validation of the expirydate parameter and...
SUSE CVE-2023-50761
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be...
Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service
Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year...
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
Impact: Passing either 'infinity', 'inf' or float('inf') (or their negatives) to datetime or date fields causes validation to run forever with 100% CPU usage on one CPU. Patches: Pydantic has been patched, with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available...
CVE-2015-5327
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after...