9 matches found
BIT-ELK-2026-33463 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...
CVE-2026-33463
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...
EUVD-2024-48495
Malicious code in bioql PyPI...
CVE-2021-32701
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection will be valid and that...
Authentication Bypass
org.eclipse.edc:transfer-data-plane is vulnerable to Authentication Bypass via the ConsumerPullTransferTokenValidationApiController function. An attacker can bypass the check for token expiration by exploiting the lack of validation for token validity expiry, not-before, issuance date...
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability
This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue...
CVE-2024-37886 Nextcloud user_oidc's ID4me does not validate signature or expiration
The user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0...
CVE-2023-41751
Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent Windows before build 32047...
CVE-2021-43791 Ineffective expiration validation for invitation links in Zulip
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a...