10 matches found
CVE-2026-4349
A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...
EUVD-2026-12659
A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the attack...
CVE-2026-4349
A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...
CVE-2026-4349
CVE-2026-4349 affects Duende IdentityServer 4; vulnerable component is the Token Renewal Endpoint under /connect/authorize, where manipulation of the id_token_hint argument leads to improper authentication. The issue is described as remote-exploitable with high attack complexity, but the provided...
PT-2026-25949
A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id token hint causes improper authentication. It is possible to initiate the attack...
Duende IdentityServer 授权问题漏洞
Duende IdentityServer is an open-source framework developed by Duende for ASP.NET Core, which adheres to standard OpenID Connect and OAuth 2.x protocols. Duende IdentityServer has a vulnerability related to authorization. This vulnerability stems from incorrect handling of the parameter idtokenhi...
Improper Authentication
Strapi is vulnerable to improper authentication. The vulnerability is due to JSON Web Tokens not being invalidated after logout or deactivation, along with a publicly accessible /admin/renew-token endpoint, which allows an attacker to reuse or indefinitely renew stolen tokens to maintain...
EUVD-2025-34751
Strapi is vulnerable to Insufficient Session Expiration...
Insufficient Session Expiration
Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate JWT after logout or account deactivation. An attacker can maintain unauthorized access by reusing a stolen or intercepted token until it...
CVE-2025-3930
Strapi is affected by CVE-2025-3930 due to improper JWT handling: after logout or account deactivation, tokens are not invalidated, enabling an attacker to reuse stolen or intercepted tokens until their expiry. The presence of the publicly accessible /admin/renew-token endpoint further enables ne...