Lucene search
+L

14 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 3:5 p.m.28 views

CVE-2026-46657

Bludit CMS prior to 3.22.0 has a vulnerability in user management: when an administrator disables a user, tokenAuth and tokenRemember in the JSON database are not invalidated. As a result, users with an existing Remember Me cookie can bypass disablement and remain authenticated. This issue impact...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/29 5:54 a.m.4 views

CVE-2025-68932

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

9.8CVSS7AI score0.00498EPSS
Exploits1References1
NVD
NVD
added 2025/12/27 12:15 a.m.11 views

CVE-2025-68932

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

9.8CVSS0.00498EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/26 11:43 p.m.4 views

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

6.3CVSS6.7AI score0.00498EPSS
Exploits1References3
CVE
CVE
added 2025/12/26 11:43 p.m.21 views

CVE-2025-68932

FreshRSS suffers from weak cryptographic randomness used to generate remember-me tokens and challenge-response nonces prior to version 1.28.0, enabling potential prediction of valid session tokens and persistent session hijacking leading to account takeover. The issue affects versions before 1.28...

9.8CVSS6.7AI score0.00498EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/12/26 11:43 p.m.5 views

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

6.3CVSS7AI score0.00498EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.14 views

PT-2025-53609

Name of the Vulnerable Software and Affected Versions FreshRSS versions prior to 1.28.0 Description FreshRSS utilizes weak random number generators mt rand and uniqid for creating remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session token...

9.8CVSS6.9AI score0.00498EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1288

Malicious code in bioql PyPI...

7.1CVSS6.9AI score0.00495EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.5 views

CVE-2024-30262

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...

7.1CVSS7AI score0.00495EPSS
Exploits0References1
NVD
NVD
added 2024/04/09 5:16 p.m.33 views

CVE-2024-30262

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...

7.1CVSS5.8AI score0.00495EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/09 4:45 p.m.45 views

CVE-2024-30262 Contao's remember-me tokens will not be cleared after a password change

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...

5.9CVSS6AI score0.00495EPSS
Exploits0References2
OSV
OSV
added 2024/04/09 4:15 p.m.20 views

GHSA-R4R6-J2J3-7PP5 Contao: Remember-me tokens will not be cleared after a password change

Impact When a front end member changes their password, the corresponding remember-me tokens are not removed. Patches Update to Contao 4.13.40. Workarounds Disable "Allow auto login" in the login module. References...

5.9CVSS6.1AI score0.00495EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.9 views

PT-2024-23305 · Contao · Contao

Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.40 Description: Contao is an open source content management system. When a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not...

7.1CVSS7.3AI score0.00495EPSS
Exploits0References11
Rows per page
Query Builder