CVE-2025-26620

Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...

Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens

Summary Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protocol parameters can return access tokens obtained with the wrong scope, resource indicator, or other...

CVE-2025-25893

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system OS commands via a crafted packet...

CVE-2024-8227

A vulnerability was found in Tenda O1 1.0.0.710648 and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer...

Cisco Access Point 缓冲区错误漏洞

Cisco Access Point is a network access point device from Cisco, Inc. It provides high-density wireless connectivity for small offices. A security vulnerability exists in Cisco Access Point that stems from insufficient validation of certain parameters within the 802...

Griefing lenders

Handle gpersoon Vulnerability details Impact Suppose there are several lenders for token B of a pair. And an attacker puts in a deposit for token A to the maximum possible amount via accountA. And an attacker puts in a deposit for token B to the maximum possible amount via accountB. And then lend...