36 matches found

Cvelist
added 2026/04/07 2:30 p.m. · 17 views

CVE-2026-35462 Papra Does Not Reject Expired API Keys

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...

4.3 CVSS · 0.00239 EPSS
Exploits 1 · References 1

CVE
added 2026/04/07 2:30 p.m. · 9 views

CVE-2026-35462

Papra (document management/archiving platform) prior to version 26.4.0 does not validate API key expiresAt against current time during authentication, allowing expired keys to access protected endpoints as if valid. Affected: Papra before 26.4.0; Impact: potential unauthorized access with network...

4.3 CVSS · 5.9 AI score · 0.00239 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2026/04/07 12:00 a.m. · 6 views

Papra Code Issue Vulnerability

Papra is an open-source document management and archiving platform developed by Papra. Versions of Papra prior to 26.4.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of verification of API keys with an expiresAt date during authentication. As a result, any API key...

4.3 CVSS · 5.9 AI score · 0.00239 EPSS
Exploits 1 · References 1

Positive Technologies
added 2026/04/07 12:00 a.m. · 6 views

PT-2026-30855

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...

4.3 CVSS · 5.9 AI score · 0.00239 EPSS
Exploits 1 · References 2

Snyk
added 2026/02/01 6:34 a.m. · 4 views

Insertion of Sensitive Information into Log File

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the userapikeyauthbuilder function, which leaks expired session keys into the authentication error output of other...

5.3 CVSS · 5.5 AI score
Exploits 0 · References 3

EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2024-47416

Malicious code in bioql PyPI...

4.8 CVSS · 6.6 AI score · 0.00161 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-8872

Malicious code in bioql PyPI...

8.7 CVSS · 6.4 AI score · 0.00373 EPSS
Exploits 0 · References 11

RedhatCVE
added 2025/09/12 1:20 p.m. · 5 views

CVE-2025-10225

Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 in the OpenSSL-based session module in AxxonSoft Axxon One C-Werk 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering...

8.7 CVSS · 6.8 AI score · 0.00372 EPSS
Exploits 0 · References 1

OSV
added 2025/09/10 1:15 p.m. · 3 views

CVE-2025-10225

Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 in the OpenSSL-based session module in AxxonSoft Axxon One C-Werk 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering...

8.7 CVSS · 5.8 AI score · 0.00372 EPSS
Exploits 0 · References 1

CVE
added 2025/09/10 12:37 p.m. · 16 views

CVE-2025-10225

CVE-2025-10225 affects AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows, in the OpenSSL-based session module. The issue is an improper restriction of operations within a memory buffer (CWE-119) that can trigger memory reallocation errors when handling expired session keys under high load...

8.7 CVSS · 6.5 AI score · 0.00372 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/09/10 12:00 a.m. · 5 views

PT-2025-37044

Name of the Vulnerable Software and Affected Versions: AxxonSoft Axxon One versions 2.0.6 and earlier. Description: A flaw exists in the OpenSSL-based session module that, under high load conditions, can lead to application crashes or unpredictable behavior. This is due to memory reallocation erro...

8.7 CVSS · 6.2 AI score · 0.00372 EPSS
Exploits 0 · References 5

OSV
added 2025/07/01 11:27 a.m. · 6 views

SUSE-RU-2025:20460-1 Recommended update for gpg2

This update for gpg2 fixes the following issues: This reverts the CVE-2025-30258 fix, as it changed behaviour when using expired keys...

4.7 CVSS · 5.8 AI score · 0.00179 EPSS
Exploits 1 · References 4

RedhatCVE
added 2025/05/22 1:00 p.m. · 4 views

CVE-2018-20954

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys...

7.5 CVSS · 7 AI score · 0.01148 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/04/02 7:36 p.m. · 19 views

CVE-2025-31123

Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...

8.7 CVSS · 6.9 AI score · 0.00373 EPSS
Exploits 0 · References 1

NVD
added 2025/03/31 8:15 p.m. · 26 views

CVE-2025-31123

Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...

8.7 CVSS · 0.00373 EPSS
Exploits 0 · References 11

Cvelist
added 2025/03/31 7:31 p.m. · 27 views

CVE-2025-31123 Zitadel Expired JWT Keys Usable for Authorization Grants

Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...

8.7 CVSS · 0.00373 EPSS
Exploits 0 · References 11

Vulnrichment
added 2025/03/31 7:31 p.m. · 13 views

CVE-2025-31123 Zitadel Expired JWT Keys Usable for Authorization Grants

Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...

8.7 CVSS · 8.4 AI score · 0.00373 EPSS
Exploits 0 · References 11

CVE
added 2025/03/31 7:31 p.m. · 120 views

CVE-2025-31123

CVE-2025-31123 — Zitadel (open-source identity infrastructure): A vulnerability exists where Zitadel fails to properly check the expiration date of the JWT key when used for Authorization Grants. An attacker with an expired key can obtain valid access tokens, while the JWT Profile for OAuth 2.0 ...

8.7 CVSS · 8.4 AI score · 0.00373 EPSS
Exploits 0 · References 11 · Affected Software 1

OSV
added 2025/03/31 7:31 p.m. · 11 views

CVE-2025-31123 Zitadel Expired JWT Keys Usable for Authorization Grants

Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...

8.7 CVSS · 6.5 AI score · 0.00373 EPSS
Exploits 0 · References 13

Positive Technologies
added 2025/03/31 12:00 a.m. · 7 views

PT-2025-13821 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.63.9, Zitadel versions prior to 2.64.6, Zitadel versions prior to 2.65.7, Zitadel versions prior to 2.66.16, Zitadel versions prior to 2.67.13, Zitadel versions prior to 2.68.9, Zitadel versions prior to 2.69.9, Zitadel...

8.7 CVSS · 6.3 AI score · 0.00373 EPSS
Exploits 0 · References 18