18 matches found
Apache Airflow code vulnerabilities
Apache Airflow is an open-source workflow platform developed by the Apache Software Foundation (United States). It is used to create, manage, and monitor workflows. Versions of Apache Airflow prior to 3.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the authentication...
EUVD-2026-18089
CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All Roles via Improper Session Invalidation Logic Flaw...
PT-2026-24253
Name of the Vulnerable Software and Affected Versions StudioCMS versions prior to 0.4.0 Description StudioCMS is a server-side-rendered, Astro native, headless content management system. The DELETE /studiocms api/dashboard/api-tokens API endpoint, before version 0.4.0, allows authenticated users...
Comparison Using Wrong Factors
Overview org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication UAA Server. Affected versions of this package are vulnerable to Comparison Using Wrong Factors due to a logic error in the token revocation endpoint implementation. An attacker can...
Linux Distros Unpatched Vulnerability : CVE-2025-67108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections. CVE-2025-67108...
Smallstep step-ca security vulnerability
Smallstep step-ca is an online certificate authority for secure, automated certificate management for DevOps, from Smallstep (USA). A security vulnerability exists in Smallstep step-ca versions prior to 0.29.0 that stems from improper authorization checking of SSH certificate revocation, which could le...
EUVD-2023-57580
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-1000211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in Access token...
Linux Distros Unpatched Vulnerability : CVE-2020-13299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could...
Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Impact Applications which have been bootstrapped by the new igniter installer since AshAuthentication v4.1.0 and who have used the magic link strategy, password resets, confirmation, or are manually revoking tokens are affected by revoked tokens being allowed to verify as valid. If you did not us...
GHSA-QRM9-F75W-HG4C Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Impact Applications which have been bootstrapped by the new igniter installer since AshAuthentication v4.1.0 and who have used the magic link strategy, password resets, confirmation, or are manually revoking tokens are affected by revoked tokens being allowed to verify as valid. If you did not us...
PT-2025-6376 · Unknown · Ashauthentication
Name of the Vulnerable Software and Affected Versions: AshAuthentication versions 4.1.0 through 4.4.8 Description: The issue affects applications that have been bootstrapped by the new igniter installer since AshAuthentication v4.1.0 and have used the magic link strategy or are manually revoking...
HCL Technologies HCL Launch security vulnerability
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch that stems from the...
GHSA-R78F-4Q2Q-HVV4 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Summary The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that...
PrimeKey Solutions PrimeKey EJBCA security vulnerability
PrimeKey EJBCA is full-featured CA system software from PrimeKey Solutions, Sweden. The software is used for certificate management, enrollment, and certificate validation, among other functions, to secure access. A security...
PT-2020-13440 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A vulnerability was discovered where the revocation feature was not revoking all session tokens, allowing them to be re-used to obta...
DEBIAN-CVE-2015-7546
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty), and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3, does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...
Design/Logic Flaw
OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...
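Several of the entries above share one failure pattern: a token's signature and expiry are checked, but the server-side revocation state is not (the Ash Authentication entries, where revoked tokens still verify as valid; the Keystone PKI entries, where revocation checks are skipped), or revocation is applied to one token rather than to every session the subject holds (the GitLab entries). The following is an added illustration, not code from any of the projects listed here. It uses a constructed HMAC-signed token format and an in-memory `RevocationStore` (both hypothetical) to show the flawed check beside the corrected one, with per-token revocation by `jti` and per-subject revoke-all by issue-time cutoff.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Set

# Constructed demo key for the example only; a real service loads it from a secret store.
SECRET = b"constructed-demo-key-do-not-use"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Mint a signed, self-describing token: base64(claims).base64(HMAC-SHA256)."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "jti": secrets.token_hex(8),
              "iat": int(now), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def _claims(token: str) -> dict:
    body, _ = token.split(".", 1)
    return json.loads(_unb64(body))


def signature_valid(token: str) -> bool:
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(_unb64(sig), expected)


class RevocationStore:
    """Server-side state that a purely stateless signature check cannot replace (hypothetical)."""

    def __init__(self) -> None:
        self.revoked_jti: Set[str] = set()        # individually revoked tokens
        self.cutoff_by_sub: Dict[str, int] = {}   # subject -> "everything issued at or before T is dead"

    def revoke_token(self, token: str) -> None:
        self.revoked_jti.add(_claims(token)["jti"])

    def revoke_all_sessions(self, subject: str, now: Optional[float] = None) -> None:
        # Kills every token minted for the subject up to now, including tokens this
        # server never saw, so no session survives the way it did in the GitLab entries.
        now = time.time() if now is None else now
        self.cutoff_by_sub[subject] = int(now)


def verify_flawed(token: str, now: Optional[float] = None) -> bool:
    """Signature and expiry only: a revoked token still verifies. This is the bug class."""
    now = time.time() if now is None else now
    if not signature_valid(token):
        return False
    return _claims(token)["exp"] > now


def verify(token: str, store: RevocationStore, now: Optional[float] = None) -> bool:
    """Signature, expiry, per-token revocation and per-subject cutoff, all required."""
    now = time.time() if now is None else now
    if not signature_valid(token):
        return False
    claims = _claims(token)
    if claims["exp"] <= now:
        return False
    if claims["jti"] in store.revoked_jti:
        return False
    # Anything issued at or before the subject's cutoff is dead, whoever presents it.
    if claims["iat"] <= store.cutoff_by_sub.get(claims["sub"], -1):
        return False
    return True
```

The cutoff check is what turns "revoke" into "revoke all sessions": a per-`jti` denylist only covers tokens the server has been told about, whereas a per-subject issue-time cutoff rejects every earlier token without enumerating them. Tokens minted after the cutoff remain valid, so a user can log back in immediately after a forced logout.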