Lightweight and Breach-Resilient Authenticated Encryption Framework for Internet of Things
The Internet of Things (IoT) relies heavily on resource-limited devices to communicate critical (e.g., military) data under low-energy adversarial environments and low-latency wireless channels. Authenticated Encryption (AE) guarantees confidentiality, authenticity, and integrity, making it...
EUVD-2025-35690
Keycloak does not invalidate offline sessions when the offline_access scope is removed...
Insufficient Session Expiration
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the offline session of a user not being invalidated when the...
GHSA-895X-RFQP-JH5C Keycloak does not invalidate offline sessions when the offline_access scope is removed
A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and...
Keycloak does not invalidate offline sessions when the offline_access scope is removed
A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and...
CVE-2025-12110
A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and...
CVE-2025-12110
The CVE-2025-12110 issue affects Keycloak: when the offline_access scope is removed from a client, an offline session remains valid and the refresh token can still request new tokens, allowing continued access. This is documented across multiple sources (GHSA, OSV, Red Hat advisories) and is high...
CVE-2025-12110 Keycloak: org.keycloak:keycloak-services: user can refresh offline session even after client's offline_access scope was removed
A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and...
PT-2025-43517
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak where an offline session remains valid even after the offline_access scope is removed from the client. The refresh token continues to be accepted, allowing for the...
Red Hat build of Keycloak code issue vulnerability
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. A code issue vulnerability exists in the Red Hat build of Keycloak, which stems from an offline session remaining active after removing the client's offline_access scope, which could lead to an administrator...
EUVD-2022-55660
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix f_hidg lifetime vs cdev. The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987617)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987617 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: do not decrement idle task preempt count in CPU offline. With PREEMPT_COUNT=y, when a...
CVE-2025-34519
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
CVE-2025-34519 Ilevia EVE X1 Server 4.7.18.0.eden Insecure Hashing Algorithm
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
CVE-2025-34519
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden store user passwords with MD5 without per-password salt, enabling offline dictionary/rainbow-table/brute-force attacks on a breached database. Connected sources confirm this insecure hashing practice and indicate the vendor has declined to se...