Lucene search
K

4 matches found

CNVD
CNVD
added 2026/01/29 12:0 a.m.4 views

HCL AION Security Bypass Vulnerability (CNVD-2026-16404)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that is caused by a JWT token that expires too long increasing the risk of token misuse. An attacker can exploit the vulnerability to cause unauthorized access...

5.3CVSS5.8AI score0.0015EPSS
Exploits0
NVD
NVD
added 2026/01/19 6:16 p.m.11 views

CVE-2025-52661

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised...

5.3CVSS0.0015EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/04/29 10:53 p.m.25 views

org.keycloak/keycloak-services: JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This...

4.9CVSS5.7AI score0.00654EPSS
Exploits0References6
OSV
OSV
added 2025/03/25 9:32 a.m.4 views

GHSA-2935-2WFM-HHPV Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This...

4.9CVSS5.8AI score0.00654EPSS
Exploits0References6
Rows per page
Query Builder