Lucene search
K

33 matches found

Cvelist
Cvelist
added 2026/06/16 3:18 p.m.26 views

CVE-2026-53776 Perry < 0.5.1166 JWT Expiration Bypass via verify_decode

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...

9.3CVSS0.00357EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 3:18 p.m.24 views

CVE-2026-53776

Perry before 0.5.1166 contains a JWT validation vulnerability in the verify_decode helper that sets validate_exp = false unconditionally, enabling token expiration bypass. Attackers with a previously issued bearer token can present expired tokens to jwt.verify() calls and retain access, undermini...

9.3CVSS5.4AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-49727

Name of the Vulnerable Software and Affected Versions Perry versions prior to 0.5.1166 Description An issue in the JWT validation process allows remote attackers to bypass token expiration. This occurs because the verify decode helper within the stdlib JWT verification path unconditionally sets...

9.3CVSS5.3AI score0.00357EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/28 12:0 a.m.4 views

Insufficient Session Expiration

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Insufficient Session Expiration via the federated token rescoping process...

8.1CVSS6AI score0.00249EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/04/08 5:45 a.m.105 views

jwt-exploit-toolkit

JWT Exploit Toolkit !Pythonhttps://img.shields.io/badge/Py...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:30 p.m.7 views

CVE-2026-35462

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...

4.3CVSS5.9AI score0.00239EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/31 8:27 p.m.14 views

CVE-2026-34586

PdfDing (self-hosted PDF manager/editor) is affected by a vulnerability in which check_shared_access_allowed() only validates session existence and does not enforce SharedPdf.inactive (expiration/max views) or SharedPdf.deleted. The Serve and Download endpoints rely on this function, allowing pre...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/18 10:16 p.m.4 views

CVE-2026-32742

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...

4.3CVSS0.00306EPSS
Exploits0References3
OSV
OSV
added 2026/03/17 6:37 p.m.4 views

GHSA-5V7G-9H8F-8PGG Parse Server session creation endpoint allows overwriting server-generated session fields

Impact An authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST /classes/Session. This allows bypassing the server's session expiration policy by setting an arbitrary far-future expiration date. It also allows...

4.3CVSS5.9AI score0.00306EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/26 10:34 p.m.7 views

CVE-2026-25476

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...

7.5CVSS5.5AI score0.00312EPSS
Exploits1References1
NVD
NVD
added 2026/02/25 7:43 p.m.5 views

CVE-2026-25476

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...

7.5CVSS0.00312EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 6:28 p.m.3 views

CVE-2026-25476

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...

7.5CVSS5.8AI score0.00312EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

7.5CVSS5.8AI score0.00312EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.10 views

PT-2025-54421

KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms...

7.5CVSS7AI score0.00378EPSS
Exploits1References8
Snyk
Snyk
added 2025/12/16 12:43 a.m.3 views

Improper Verification of Cryptographic Signature

Overview altcha-lib is an A library for creating and verifying ALTCHA challenges for Node.js, Bun and Deno. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 12:43 a.m.6 views

Improper Verification of Cryptographic Signature

Overview altcha is a The ALTCHA Python Library is a lightweight, zero-dependency library designed for creating and verifying ALTCHA challenges, specifically tailored for Python applications. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via t...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 12:43 a.m.4 views

Improper Verification of Cryptographic Signature

Overview altcha is an A lightweight library for creating and verifying ALTCHA challenges. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-4945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processin...

3.7CVSS6AI score0.00538EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.28 views

CVE-2024-8642

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

8.1CVSS7AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:58 a.m.5 views

CVE-2024-34596

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner...

7.5CVSS7.3AI score0.00483EPSS
Exploits0References1
Rows per page
Query Builder