36 matches found
CVE-2026-35462 Papra Does Not Reject Expired API Keys
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...
CVE-2026-35462
Papra (document management/archiving platform) prior to version 26.4.0 does not validate API key expiresAt against current time during authentication, allowing expired keys to access protected endpoints as if valid. Affected: Papra before 26.4.0; Impact: potential unauthorized access with network...
Papra 代码问题漏洞
Papra is an open-source document management and archiving platform developed by Papra. Versions of Papra prior to 26.4.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of verification of API keys with an expiresAt date during authentication. As a result, any API key...
PT-2026-30855
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...
Insertion of Sensitive Information into Log File
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the userapikeyauthbuilder function, which leaks expired session keys into the authentication error output of other...
EUVD-2024-47416
Malicious code in bioql PyPI...
EUVD-2025-8872
Malicious code in bioql PyPI...
CVE-2025-10225
Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 in the OpenSSL-based session module in AxxonSoft Axxon One C-Werk 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering...
CVE-2025-10225
Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 in the OpenSSL-based session module in AxxonSoft Axxon One C-Werk 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering...
CVE-2025-10225
CVE-2025-10225 affects AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows, in the OpenSSL-based session module. The issue is an improper restriction of operations within a memory buffer (CWE-119) that can trigger memory reallocation errors when handling expired session keys under high load...
PT-2025-37044
Name of the Vulnerable Software and Affected Versions: AxxonSoft Axxon One versions 2.0.6 and earlier Description: A flaw exists in the OpenSSL-based session module that, under high load conditions, can lead to application crashes or unpredictable behavior. This is due to memory reallocation erro...
SUSE-RU-2025:20460-1 Recommended update for gpg2
This update for gpg2 fixes the following issues: This reverts the CVE-2025-30258 fix, as it changed behaviour when using expired keys...
CVE-2018-20954
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys...
CVE-2025-31123
Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...
CVE-2025-31123
Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...
CVE-2025-31123 Zitadel Expired JWT Keys Usable for Authorization Grants
Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...
CVE-2025-31123 Zitadel Expired JWT Keys Usable for Authorization Grants
Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...
CVE-2025-31123
CVE-2025-31123 — Zitadel (open-source identity infrastructure) : A vulnerability exists where Zitadel fails to properly check the expiration date of the JWT key when used for Authorization Grants. An attacker with an expired key can obtain valid access tokens, while the JWT Profile for OAuth 2.0 ...
CVE-2025-31123 Zitadel Expired JWT Keys Usable for Authorization Grants
Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...
PT-2025-13821 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.63.9 Zitadel versions prior to 2.64.6 Zitadel versions prior to 2.65.7 Zitadel versions prior to 2.66.16 Zitadel versions prior to 2.67.13 Zitadel versions prior to 2.68.9 Zitadel versions prior to 2.69.9 Zitadel...