19 matches found
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
EUVD-2026-34204
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187
CVE-2026-49187 concerns hard-coded APK resource files that never expire and a shared scepter that can lead to information leaks and potential misuse. According to the entry, exploitation is network-based with low attack complexity and no privileges required, causing high confidentiality impact (t...
CVE-2026-41902 FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...
PT-2026-33787
Name of the Vulnerable Software and Affected Versions OpenAEV versions 1.0.0 through 2.0.12 Description The password reset implementation contains security weaknesses that allow for reliable account takeover. Password reset tokens do not expire and remain valid indefinitely, even after new tokens...
CVE-2025-10681
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...
EUVD-2025-209213
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...
CVE-2026-33417 Wallos: Password Reset Tokens Never Expire
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...
CVE-2026-33417 Wallos: Password Reset Tokens Never Expire
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...
CVE-2026-33417 Wallos: Password Reset Tokens Never Expire
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...
CVE-2026-21622
Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...
EUVD-2026-9876
Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...
CVE-2026-21622 Password Reset Tokens Do Not Expire
Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...
CVE-2019-3867
A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue...
Microsoft Windows - Local Users Information : Passwords Never Expire
Using the supplied credentials, Nessus was able to list local users that are enabled and whose passwords never expire. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10916; scriptversion"1.23"; scriptcvsdate"Date: 2018/08/13 14:32:39"; scriptnameenglish:"Microsoft...
Microsoft Windows - Users Information : Passwords Never Expire
Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10900; scriptversion"1.22"; scriptcvsdate"Date: 2018/08/13 14:32:39"; scriptnameenglish:"Microsoft Windows ...