Lucene search
K

1619 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48850

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

5.2AI score0.00294EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.10 views

org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.4AI score0.00295EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.8 views

keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.4AI score0.00305EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 4:40 p.m.5 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Time-of-check Time-of-use Race Condition CVE-2026-1035

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2025-14559 DESCRIPTION: A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh toke...

6.5CVSS5.4AI score0.00443EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/08 1:54 p.m.10 views

JLSEC-2026-608

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS6AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.13 views

CVE-2026-46398

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

8.8CVSS5.4AI score0.00183EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 8:17 p.m.13 views

CVE-2026-46398

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

8.8CVSS0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.7 views

CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS6AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-45246

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates th...

6.8CVSS5.5AI score0.00137EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.8 views

CVE-2026-40302

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...

6.1CVSS5.6AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 7:13 p.m.27 views

CVE-2026-46398 HAX CMS Missing Secure Flag on Cookie

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

8.8CVSS0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:13 p.m.5 views

CVE-2026-46398

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

8.8CVSS5.4AI score0.00183EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/05 7:13 p.m.9 views

EUVD-2026-34893

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

8.8CVSS5.4AI score0.00183EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 7:13 p.m.20 views

CVE-2026-46398

HAX CMS vulnerability: the haxcms_refresh_token cookie is set without the Secure flag in versions 25.0.0 through

8.8CVSS5.4AI score0.00183EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:43 p.m.11 views

GHSA-G72G-R7M4-9X4G NocoDB: OAuth Tokens Persist Through Security Events

Summary OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details revokeAllOAuthTokensByUser in the users service was an empty stub bein...

6.3CVSS5.5AI score0.00295EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:43 p.m.43 views

NocoDB: OAuth Tokens Persist Through Security Events

Summary OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details revokeAllOAuthTokensByUser in the users service was an empty stub bein...

6.3CVSS5.5AI score0.00295EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/05 4:20 p.m.7 views

GHSA-8M7C-HF24-5G47 NocoDB: OAuth Authorization Code Race Condition

Summary Two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. Details The token-exchange flow read isused and called markAsUsed as an unconditional upda...

6.3CVSS5.6AI score0.00197EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:20 p.m.14 views

NocoDB: OAuth Authorization Code Race Condition

Summary Two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. Details The token-exchange flow read isused and called markAsUsed as an unconditional upda...

6.3CVSS5.6AI score0.00197EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/05 5:40 a.m.6 views

BIT-AIRFLOW-2026-41017 Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

5.9CVSS5.5AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.13 views

PT-2026-47039

Name of the Vulnerable Software and Affected Versions HAX CMS versions 25.0.0 through 25.x Description The haxcms refresh token cookie is configured without the Secure flag. This configuration allows the cookie to be transmitted over unencrypted HTTP connections, which enables an attacker to stea...

8.8CVSS5.4AI score0.00183EPSS
Exploits0References3
Rows per page
Query Builder