CVE-2026-34586
PdfDing is a self-hosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...
CVE-2026-32132
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow ...
CVE-2026-27968
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968 Packistry accepts expired access tokens
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-25537
CVE-2026-25537 concerns a type-confusion in the jsonwebtoken crate (Rust) prior to 10.3.0, where malformed standard claims may be treated as not present, bypassing time-based checks. Connected Fedora advisories indicate vaultwarden (Bitwarden-compatible server) updates to 1.36.0 address multiple ...
Gallagher Command Centre Server security vulnerability
Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server that stems from improper enforcement of server-side security mechanisms on the client side,...
EUVD-2001-0273
Malware in sbrugna...
EUVD-2025-29191
Malicious code in bioql PyPI...
CVE-2025-50944
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...
CVE-2021-35473
An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use an expired access token from an OIDC client to access the OAuth2 handler. The earliest affected version is 2.0.4...
UBUNTU-CVE-2024-49953
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete twice. The km.state is not checked in driver's delayed work. When xfrm_state_check_expire is called, the state can be reset to XFRM_STATE_EXPIRED, even if it is XFRM_STATE_DEAD...
zcap security vulnerability
zcap is an open source reference implementation library for linked data functions from Digital Bazaar. A security vulnerability exists in zcap versions prior to v9.0.1, which stems from an incomplete expiration check that allows calls outside of the expected...
PT-2024-24345 · Digital Bazaar · @Digitalbazaar/Zcap
Name of the Vulnerable Software and Affected Versions: @digitalbazaar/zcap versions prior to 9.0.1. Description: The issue arises when invoking a capability with a chain depth of 2, where the expires property is not properly checked against the current date or other date param. This can allow...
Missing transaction expiration check result in asset tokens selling at a lower price
Vulnerability details. Impact: Selling of asset tokens misses the transaction expiration check, which may lead to reward tokens being sold at a price that's lower than the market price at the moment of a swap. Proof of Concept: The swapAsset function, which is responsible for selling...
GHSA-4RRR-J7FF-R844 python-keystoneclient missing expiration check in PKI token validation
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires...
DEBIAN-CVE-2014-5251
The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...
USN-964-1: Likewise Open vulnerability
Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to...