Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/06/17 9:53 p.m.24 views

CVE-2026-50202 Steeltoe's static JWKS cache shared across schemes and never invalidated

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

5.9CVSS0.0029EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 9:53 p.m.25 views

CVE-2026-50202

Summary: CVE-2026-50202 affects Steeltoe libraries: Steeltoe.Security.Authentication.CloudFoundryBase < 3.4.0, Steeltoe.Security.Authentication.JwtBearer < 4.2.0, and Steeltoe.Security.Authentication.OpenIdConnect

5.9CVSS5.3AI score0.0029EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 5:9 p.m.10 views

CVE-2026-40585

blueprintUE prior to 4.2.0 generates a 128-character CSPRNG reset token and stores it with a password_reset_at timestamp. The token redemption function findUserIDFromEmailAndToken() only validates email+token, not whether password_reset_at falls within any expiry window, so a generated reset toke...

7.4CVSS5.8AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.3 views

CVE-2026-33707

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/10 6:52 p.m.22 views

CVE-2026-33707 Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.4CVSS0.00426EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 6:52 p.m.2 views

CVE-2026-33707

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.4CVSS5.8AI score0.00426EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/10 6:52 p.m.7 views

EUVD-2026-21561

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.4CVSS5.8AI score0.00426EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 6:52 p.m.26 views

CVE-2026-33707

Chamilo LMS (affected: prior to 1.11.38 and 2.0.0-RC.3) uses a weak password reset token by generating tokens as sha1(email) with no randomness, no expiration, and no rate limiting. An attacker who knows a user’s email can compute the reset token and change the password without authentication. Th...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.5 views

PT-2023-17384 · Answerdev · Answerdev/Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.1.0 Description: The issue concerns password aging with long expiration in the answerdev/answer GitHub repository. Specifically, the problem is that password reset links do not expire, making the system...

8.8CVSS5.2AI score0.00607EPSS
Exploits1References10
OSV
OSV
added 2017/06/13 6:29 a.m.4 views

DEBIAN-CVE-2017-4966

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-...

7.8CVSS6.2AI score0.00394EPSS
Exploits0References1
Rows per page
Query Builder