CVE-2026-29044

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines transactionactive=false and only calls withdrawauthorizationcallback. This path ultimately calls Charger::deauthorize, but no...

CVE-2023-2193

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token...

SUSE CVE-2024-26934

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usbdeauthorizeinterface Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interfaceauthorizedstore function is the only one which acquires a device lock on an ancestor device: ...

UBUNTU-CVE-2024-26934

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usbdeauthorizeinterface Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interfaceauthorizedstore function is the only one which acquires a device lock on an ancestor device: ...

Authorization

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token...

CVE-2023-2193 Oauth authorization codes do not expire when deauthorizing an oauth2 app

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token...

PT-2023-18354 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token...