2077 matches found

CVE
added 2025/11/18 12:0 a.m. | 17 views

CVE-2025-56643

CVE-2025-56643 affects Wiki.js 2.5.307. The root cause is in the authentication resolver logic, where active JWT tokens are not properly revoked or invalidated on user logout. This leaves previously issued tokens valid for GraphQL and logout endpoints, enabling potential unauthorized access if a ...

CVSS 9.1 | AI score 6.6 | EPSS 0.00325
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/11/18 12:0 a.m. | 8 views

CVE-2025-56643

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...

EPSS 0.00325
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/18 12:0 a.m. | 4 views

CVE-2025-56643

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...

AI score 6.6 | EPSS 0.00325
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/18 12:0 a.m. | 4 views

PT-2025-47368

Name of the Vulnerable Software and Affected Versions: Wiki.js version 2.5.307. Description: Wiki.js does not properly revoke or invalidate active JWT tokens when a user logs out. This allows previously issued tokens to remain valid and be reused to access the system, even after logout. The issue...

CVSS 9.1 | AI score 6.7 | EPSS 0.00325
Exploits: 0 | References: 3
EUVD
added 2025/11/18 12:0 a.m. | 4 views

EUVD-2025-198058

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...

AI score 6.5 | EPSS 0.00325
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/17 9:7 a.m. | 6 views

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

CVSS 7.5 | AI score 6.5 | EPSS 0.00248
Exploits: 1 | References: 1
Packet Storm News
added 2025/11/16 12:0 a.m. | 3 views

ProxyPrints: From Database Breach to Spoof, a Plug-And-Play Defense for Biometric Systems

Fingerprint recognition systems are widely deployed for authentication and forensic applications, but the security of stored fingerprint data remains a critical vulnerability. While many systems avoid storing raw fingerprint images in favor of minutiae-based templates, recent research shows that...

AI score 6.6
Exploits: 0
Github Security Blog
added 2025/11/14 10:9 p.m. | 6 views

Memos' Access Tokens Stay Valid after User Password Change

Summary: Access Tokens are used to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. The bad actor though will still have...

CVSS 7.5 | AI score 7 | EPSS 0.00248
Exploits: 1 | References: 6 | Affected Software: 1
EUVD
added 2025/11/14 10:9 p.m. | 8 views

EUVD-2024-19274

Memos' Access Tokens Stay Valid after User Password Change...

CVSS 7.1 | AI score 6.4 | EPSS 0.00248
Exploits: 1 | References: 4
OSV
added 2025/11/14 10:9 p.m. | 3 views

GHSA-MR34-8733-GRR2 Memos' Access Tokens Stay Valid after User Password Change

Summary: Access Tokens are used to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. The bad actor though will still have...

CVSS 7.1 | AI score 6.9 | EPSS 0.00248
Exploits: 1 | References: 6
NVD
added 2025/11/14 3:15 p.m. | 6 views

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

CVSS 7.5 | EPSS 0.00248
Exploits: 1 | References: 1
Vulnrichment
added 2025/11/14 2:11 p.m. | 3 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

CVSS 7.1 | AI score 6.1 | EPSS 0.00248
Exploits: 1 | References: 1
CVE
added 2025/11/14 2:11 p.m. | 21 views

CVE-2024-21635

Memos suffers from an issue where Access Tokens remain valid after a user password change, allowing a potential bad actor to continue accessing a compromised account. This affects versions up to and including 0.18.1, as tokens tied to the old password are not revoked automatically. The vulnerabil...

CVSS 7.5 | AI score 6.2 | EPSS 0.00248
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2025/11/14 2:11 p.m. | 6 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update the...

CVSS 7.1 | AI score 6.4 | EPSS 0.00248
Exploits: 1 | References: 3
RedhatCVE
added 2025/11/13 11:8 p.m. | 6 views

CVE-2025-64707

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.4 | AI score 6.8 | EPSS 0.00145
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/13 12:0 a.m. | 3 views

Siemens SIMATIC S7-1500 Improper Certificate Validation (CVE-2020-8286)

The libcurl library versions 7.41.0 to and including 7.73.0 are vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. This vulnerability could allow an attacker to pass a revoked certificate as valid. This plugin only works with...

CVSS 7.5 | AI score 6.7 | EPSS 0.04575
Exploits: 1 | References: 7
NVD
added 2025/11/12 11:15 p.m. | 8 views

CVE-2025-64707

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.4 | EPSS 0.00145
Exploits: 0 | References: 1
Cvelist
added 2025/11/12 10:27 p.m. | 28 views

CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.1 | EPSS 0.00145
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/12 10:27 p.m. | 3 views

CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.1 | AI score 6.4 | EPSS 0.00145
Exploits: 0 | References: 1
EUVD
added 2025/11/12 10:27 p.m. | 6 views

EUVD-2025-150360

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.1 | AI score 6.2 | EPSS 0.00145
Exploits: 0 | References: 1