Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

6.3CVSS5.7AI score0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/18 12:30 a.m.7 views

EUVD-2026-12659

A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the attack...

6.3CVSS5.4AI score0.00407EPSS
Exploits0References4
NVD
NVD
added 2026/03/17 10:16 p.m.5 views

CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

6.3CVSS0.00407EPSS
Exploits0References3
CVE
CVE
added 2026/03/17 9:32 p.m.38 views

CVE-2026-4349

CVE-2026-4349 affects Duende IdentityServer 4; vulnerable component is the Token Renewal Endpoint under /connect/authorize, where manipulation of the id_token_hint argument leads to improper authentication. The issue is described as remote-exploitable with high attack complexity, but the provided...

6.3CVSS5.7AI score0.00407EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.11 views

PT-2026-25949

A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id token hint causes improper authentication. It is possible to initiate the attack...

6.3CVSS5.3AI score0.00407EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.6 views

Duende IdentityServer 授权问题漏洞

Duende IdentityServer is an open-source framework developed by Duende for ASP.NET Core, which adheres to standard OpenID Connect and OAuth 2.x protocols. Duende IdentityServer has a vulnerability related to authorization. This vulnerability stems from incorrect handling of the parameter idtokenhi...

6.3CVSS6.1AI score0.00407EPSS
Exploits0References3
Veracode
Veracode
added 2025/12/05 8:33 a.m.8 views

Improper Authentication

Strapi is vulnerable to improper authentication. The vulnerability is due to JSON Web Tokens not being invalidated after logout or deactivation, along with a publicly accessible /admin/renew-token endpoint, which allows an attacker to reuse or indefinitely renew stolen tokens to maintain...

6.3CVSS6.7AI score0.00641EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/16 12:30 p.m.4 views

EUVD-2025-34751

Strapi is vulnerable to Insufficient Session Expiration...

6.3CVSS6.4AI score0.00641EPSS
Exploits0References5
Snyk
Snyk
added 2025/10/16 12:30 p.m.6 views

Insufficient Session Expiration

Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate JWT after logout or account deactivation. An attacker can maintain unauthorized access by reusing a stolen or intercepted token until it...

6.3CVSS6.8AI score0.00641EPSS
Exploits0References2
CVE
CVE
added 2025/10/16 10:43 a.m.28 views

CVE-2025-3930

Strapi is affected by CVE-2025-3930 due to improper JWT handling: after logout or account deactivation, tokens are not invalidated, enabling an attacker to reuse stolen or intercepted tokens until their expiry. The presence of the publicly accessible /admin/renew-token endpoint further enables ne...

6.3CVSS6.5AI score0.00641EPSS
Exploits0References4
Rows per page
Query Builder