Lucene search

47 matches found

NVD
added 2026/06/20 4:17 p.m., 15 views

CVE-2026-56295

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

CVSS 6.3 | EPSS 0.00188
Exploits 0 | References 2
EUVD
added 2026/06/20 3:24 p.m., 8 views

EUVD-2026-38122

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

CVSS 6.3 | AI score 5.9 | EPSS 0.00188
Exploits 0 | References 2
CVE
added 2026/06/20 3:24 p.m., 15 views

CVE-2026-56295

Capgo is affected pre-12.128.2 by an authorization bypass in webhook management endpoints. The issue allows legacy non-expiring API keys to bypass the require_apikey_expiration policy because checkWebhookPermission does not call apikeyHasOrgRightWithPolicy, enabling those keys to list, create, an...

CVSS 6.3 | AI score 5.9 | EPSS 0.00188
Exploits 0 | References 2
Cvelist
added 2026/06/20 3:24 p.m., 30 views

CVE-2026-56295 Capgo - Policy Enforcement Bypass in Webhook Management Endpoints via Non-Expiring API Keys

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

CVSS 6.3 | EPSS 0.00188
Exploits 0 | References 2
RedhatCVE
added 2026/06/05 7:15 p.m., 8 views

CVE-2026-24467

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaigns and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...

CVSS 9.8 | AI score 5.7 | EPSS 0.009
Exploits 1 | References 1
Snyk
added 2026/05/07 9:34 p.m., 8 views

Improper Handling of Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the token revocation process. An attacker can maintain unauthorized access by using a stolen access token that was issued with no expiration, as the token cannot be invalidated through...

CVSS 9.1 | AI score 5.8
Exploits 0 | References 3
NVD
added 2026/05/07 7:16 p.m., 10 views

CVE-2026-41902

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

CVSS 9.1 | EPSS 0.00246
Exploits 0 | References 2
CNNVD
added 2026/05/07 12:00 a.m., 6 views

FreeScout code issue vulnerability

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained code vulnerabilities. This vulnerability stemmed from the /user-setup/hash endpoint, which did not expire the...

CVSS 9.1 | AI score 5.9 | EPSS 0.00246
Exploits 0 | References 2
NVD
added 2026/04/20 4:16 p.m., 5 views

CVE-2026-24467

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaigns and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...

CVSS 9.8 | EPSS 0.009
Exploits 1 | References 4
CVE
added 2026/04/20 3:40 p.m., 34 views

CVE-2026-24467

OpenAEV (versions 1.0.0 up to 2.0.12) suffers password reset token weaknesses that enable unauthenticated account takeover and platform compromise. The root cause is password reset tokens that never expire and are only 8 digits long, allowing token accumulation and rapid brute-forcing across mult...

CVSS 9.8 | AI score 5.7 | EPSS 0.009
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2026/04/20 3:40 p.m., 2 views

CVE-2026-24467 OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaigns and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...

CVSS 9 | AI score 5.7 | EPSS 0.009
Exploits 1 | References 4
Positive Technologies
added 2026/03/27 12:00 a.m., 7 views

PT-2026-28620

Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: A flaw exists in AVideo where WebSocket tokens do not expire as intended due to a commented-out timeout validation within the verifyTokenSocket function located in...

CVSS 5.4 | AI score 5.9 | EPSS 0.00247
Exploits 1 | References 5
Positive Technologies
added 2026/02/27 12:00 a.m., 7 views

PT-2026-22393

Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.1.0. Description: Vikunja, an open-source self-hosted task management platform, has a business logic flaw in its password reset mechanism within the vikunja/api. This allows password reset tokens to be reused...

CVSS 9.9 | AI score 5.9 | EPSS 0.22162
Exploits 68 | References 145
CVE
added 2026/02/17 11:35 a.m., 10 views

CVE-2026-2247

CVE-2026-2247 describes an SQL injection in Clicldeu SaaS during report generation via the mobile app's Day-to-day section. The vulnerability arises when a previously authenticated remote attacker uses a malicious payload in the URL generated after downloading a student's report card, with the PD...

CVSS 8.3 | AI score 5.9 | EPSS 0.00248
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-9314

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.02808
Exploits 1 | References 3
EUVD
added 2025/10/03 8:07 p.m., 12 views

EUVD-2025-19121

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 9.2 | EPSS 0.00448
Exploits 0 | References 2
RedhatCVE
added 2025/05/23 5:38 a.m., 5 views

CVE-2023-26041

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages were not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that Nextcloud Talk is upgraded to...

CVSS 4.3 | AI score 6.9 | EPSS 0.00799
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 6:56 p.m., 6 views

CVE-2021-46145

The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization...

CVSS 5.3 | AI score 7.1 | EPSS 0.03641
Exploits 0
OSV
added 2024/06/11 12:15 p.m., 3 views

CVE-2024-35206

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 (All versions V1.2). The affected application does not expire the session. This could allow an attacker to get unauthorized access...

CVSS 8.5 | AI score 7 | EPSS 0.00328
Exploits 0 | References 1
OSV
added 2023/04/11 12:30 p.m., 13 views

GHSA-J97G-77FJ-9C4P Answer vulnerable to account takeover because password reset links do not expire

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.6 is vulnerable to account takeover because the password reset link does not expire...

CVSS 8.8 | AI score 6.3 | EPSS 0.00607
Exploits 1 | References 4