
2007 matches found

OSV
added 2025/11/14 10:09 p.m., 1 view

GHSA-MR34-8733-GRR2 Memos' Access Tokens Stay Valid after User Password Change

Summary: Access Tokens are used to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update their password. The bad actor though will still have...

CVSS 7.1 | AI score 6.9 | EPSS 0.00052
Exploits 1 | References 6
NVD
added 2025/11/14 3:15 p.m., 3 views

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update the...

CVSS 7.5 | EPSS 0.00052
Exploits 1 | References 1
OSV
added 2025/11/14 2:11 p.m., 4 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update the...

CVSS 7.1 | AI score 6.4 | EPSS 0.00052
Exploits 1 | References 3
CVE
added 2025/11/14 2:11 p.m., 12 views

CVE-2024-21635

Memos suffers from an issue where Access Tokens remain valid after a user password change, allowing a potential bad actor to continue accessing a compromised account. This affects versions up to and including 0.18.1, as tokens tied to the old password are not revoked automatically. The vulnerabil...

CVSS 7.5 | AI score 6.2 | EPSS 0.00052
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2025/11/14 2:11 p.m., 2 views

CVE-2024-21635 Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update the...

CVSS 7.1 | AI score 6.1 | EPSS 0.00052
Exploits 1 | References 1
RedhatCVE
added 2025/11/13 11:08 p.m., 5 views

CVE-2025-64707

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.4 | AI score 6.8 | EPSS 0.00035
Exploits 0 | References 1
Tenable Nessus
added 2025/11/13 12:00 a.m., 2 views

Siemens SIMATIC S7-1500 Improper Certificate Validation (CVE-2020-8286)

The libcurl library versions 7.41.0 to and including 7.73.0 are vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. This vulnerability could allow an attacker to pass a revoked certificate as valid. This plugin only works with...

CVSS 7.5 | AI score 6.7 | EPSS 0.00286
Exploits 1 | References 7
NVD
added 2025/11/12 11:15 p.m., 3 views

CVE-2025-64707

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.4 | EPSS 0.00035
Exploits 0 | References 1
CVE
added 2025/11/12 10:27 p.m., 9 views

CVE-2025-64707

Summary: CVE-2025-64707 affects Frappe Learning (LMS). From version 2.0.0 up to (but not including) 2.41.0, revoking a user's role could be delayed in effect due to caching, meaning revoked permissions could persist briefly. This behavior has been fixed in version 2.41.0 by ensuring the cache is clea...

CVSS 5.4 | AI score 6.4 | EPSS 0.00035
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2025/11/12 10:27 p.m., 4 views

EUVD-2025-150360

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.1 | AI score 6.2 | EPSS 0.00035
Exploits 0 | References 1
Cvelist
added 2025/11/12 10:27 p.m., 23 views

CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.1 | EPSS 0.00035
Exploits 0 | References 1
Vulnrichment
added 2025/11/12 10:27 p.m., 3 views

CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.1 | AI score 6.4 | EPSS 0.00035
Exploits 0 | References 1
OSV
added 2025/11/12 10:27 p.m., 7 views

CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.1 | AI score 6.7 | EPSS 0.00035
Exploits 0 | References 3
CNNVD
added 2025/11/12 12:00 a.m., 3 views

Frappe Learning Security Vulnerability

Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. A security vulnerability exists in Frappe Learning from version 2.0.0 up to (but not including) version 2.41.0, which stems from improper cache cleanup and may result in a delayed role revocation taking effect...

CVSS 5.4 | AI score 6.7 | EPSS 0.00035
Exploits 0 | References 2
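The Frappe Learning entries above all describe the same mechanism: a role revocation lands in the database, but permission checks keep reading a cached copy of the user's roles until the cache entry expires. The following is an added illustration of that failure and of the fix (invalidating the cache entry at revoke time); it is not Frappe's code. RoleStore, FakeClock, the user name and the role name are invented for the example, and the clock is faked so the TTL behaviour is reproducible offline.

```python
"""Added example (not Frappe's code): a role lookup served from a TTL cache,
showing why a revoke that skips cache invalidation keeps granting the role until
the entry expires, and the fix of dropping the cache entry on revoke.
RoleStore, FakeClock and the user/role names are invented for this example."""
from typing import Callable, Dict, FrozenSet, Set, Tuple


class FakeClock:
    """Constructed clock so the example runs deterministically offline."""

    def __init__(self, start: float = 1000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class RoleStore:
    """Authoritative user->roles table with a per-user TTL cache in front of it."""

    def __init__(self, clock: Callable[[], float], ttl_seconds: float = 300.0) -> None:
        self._db: Dict[str, Set[str]] = {}
        self._cache: Dict[str, Tuple[float, FrozenSet[str]]] = {}
        self._clock = clock
        self._ttl = ttl_seconds
        self.db_reads = 0  # counts cache misses, handy when testing

    def grant(self, user: str, role: str) -> None:
        self._db.setdefault(user, set()).add(role)
        self._cache.pop(user, None)

    def revoke_without_invalidation(self, user: str, role: str) -> None:
        """Vulnerable pattern: the table is updated but the cached copy is not."""
        self._db.get(user, set()).discard(role)

    def revoke(self, user: str, role: str) -> None:
        """Fixed pattern: drop the cached entry so the next check reads the table."""
        self._db.get(user, set()).discard(role)
        self._cache.pop(user, None)

    def roles(self, user: str) -> FrozenSet[str]:
        now = self._clock()
        hit = self._cache.get(user)
        if hit is not None and hit[0] > now:
            return hit[1]  # served from cache, possibly stale
        self.db_reads += 1
        fresh = frozenset(self._db.get(user, set()))
        self._cache[user] = (now + self._ttl, fresh)
        return fresh

    def has_role(self, user: str, role: str) -> bool:
        return role in self.roles(user)


def demo_stale_revocation() -> Dict[str, bool]:
    """Run both revoke paths and report whether the role is still visible."""
    clock = FakeClock()
    store = RoleStore(clock, ttl_seconds=300)
    store.grant("alice", "Moderator")
    store.has_role("alice", "Moderator")  # warms the cache

    store.revoke_without_invalidation("alice", "Moderator")
    result = {"vulnerable_immediately": store.has_role("alice", "Moderator")}
    clock.advance(301)  # let the cache entry expire
    result["vulnerable_after_ttl"] = store.has_role("alice", "Moderator")

    store.grant("alice", "Moderator")
    store.has_role("alice", "Moderator")  # warm the cache again
    store.revoke("alice", "Moderator")
    result["fixed_immediately"] = store.has_role("alice", "Moderator")
    return result


if __name__ == "__main__":
    print(demo_stale_revocation())
```

The vulnerable path reports the role as present for the whole TTL window after the revoke and only drops it once the entry expires; the fixed path reports it gone on the very next check. In a real deployment the same invalidation has to reach every cache replica (each web worker, or a shared cache keyed per user), otherwise only the node that handled the revoke forgets the stale roles.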
Fedora
added 2025/11/01 1:51 a.m., 7 views

[SECURITY] Fedora 42 Update: openbao-2.4.3-1.fc42

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS 7.5 | AI score 7 | EPSS 0.00047
Exploits 0
Fedora
added 2025/11/01 1:13 a.m., 6 views

[SECURITY] Fedora 41 Update: openbao-2.4.3-1.fc41

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS 7.5 | AI score 7 | EPSS 0.00047
Exploits 0
Fedora
added 2025/10/31 12:55 a.m., 5 views

[SECURITY] Fedora 43 Update: openbao-2.4.3-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS 7.5 | AI score 7 | EPSS 0.00047
Exploits 0
Redos
added 2025/10/22 12:00 a.m., 4 views

ROS-20251022-03

The ProFTPD FTP server vulnerability is a null pointer dereference in the ProFTPD function tls_verify_crl when it processes the data returned by the OpenSSL function sk_X509_REVOKED_value while handling an empty certificate revocation list configured by the system administrator. Exploitation of the...

CVSS 9 | AI score 6.7 | EPSS 0.60223
Exploits 1
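Two of the entries above are revocation checks that go wrong in the checker itself: the libcurl issue in the Siemens/Tenable entry (an OCSP response accepted without confirming it describes the certificate being validated) and the ProFTPD entry (an empty CRL that the code dereferences as if it had entries). The following added example reduces both to the status-matching logic so the two mistakes and their corrections can be read side by side. It is not code from curl, Siemens, ProFTPD or OpenSSL; CertId, SingleResponse, CRL, the function names and the serial numbers are invented, and ASN.1 parsing plus signature verification of the OCSP response (which a real checker must also do) are out of scope.

```python
"""Added example (not code from curl, Siemens, ProFTPD or OpenSSL): two
revocation-check pitfalls reduced to the status-matching logic.
CertId, SingleResponse, CRL and the serial numbers are invented; real ASN.1
parsing and signature verification of the OCSP response are out of scope."""
from dataclasses import dataclass
from typing import Dict, List, Optional

GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"


@dataclass(frozen=True)
class CertId:
    """Simplified OCSP CertID: which issuer, which serial number."""
    issuer_key_hash: bytes
    serial: int


@dataclass(frozen=True)
class SingleResponse:
    """One entry of an OCSP response: a status for one CertID."""
    cert_id: CertId
    status: str


@dataclass
class CRL:
    """Simplified CRL; revoked_serials is None when the list is empty or absent."""
    issuer_key_hash: bytes
    revoked_serials: Optional[List[int]] = None


def ocsp_status_unchecked(leaf: CertId, responses: List[SingleResponse]) -> str:
    """Weak check: trusts the first status in the response without confirming
    that its CertID is the certificate being validated."""
    return responses[0].status if responses else UNKNOWN


def ocsp_status(leaf: CertId, responses: List[SingleResponse]) -> str:
    """Hardened: accept only a status whose CertID matches the leaf; fail closed."""
    for single in responses:
        if single.cert_id == leaf:
            return single.status
    return UNKNOWN


def crl_revoked(leaf: CertId, crl: CRL) -> bool:
    """CRL lookup that treats an empty revoked list as 'nothing revoked'
    instead of reaching for a first entry that is not there."""
    if crl.issuer_key_hash != leaf.issuer_key_hash:
        raise ValueError("CRL issuer does not match the certificate issuer")
    entries = crl.revoked_serials or []
    return leaf.serial in entries


def accept_certificate(leaf: CertId, responses: List[SingleResponse], crl: CRL) -> bool:
    """Accept only if OCSP says 'good' for this exact certificate and the CRL does not list it."""
    if ocsp_status(leaf, responses) != GOOD:
        return False
    return not crl_revoked(leaf, crl)


def demo_revocation_checks() -> Dict[str, object]:
    # Constructed inputs: a leaf certificate, plus an OCSP response that only
    # covers a different serial from the same issuer (what an attacker replaying
    # an unrelated 'good' response would present).
    issuer = b"\x11" * 20
    leaf = CertId(issuer, 0x1234)
    unrelated_good = [SingleResponse(CertId(issuer, 0x9999), GOOD)]
    honest_revoked = [SingleResponse(leaf, REVOKED)]
    empty_crl = CRL(issuer, None)
    listing_crl = CRL(issuer, [0x1234])
    return {
        "unchecked_accepts_unrelated": ocsp_status_unchecked(leaf, unrelated_good),
        "checked_rejects_unrelated": ocsp_status(leaf, unrelated_good),
        "checked_sees_revoked": ocsp_status(leaf, honest_revoked),
        "empty_crl_handled": crl_revoked(leaf, empty_crl),
        "crl_lists_leaf": crl_revoked(leaf, listing_crl),
        "accept_with_unrelated_response": accept_certificate(leaf, unrelated_good, empty_crl),
    }


if __name__ == "__main__":
    print(demo_revocation_checks())
```

The weak path returns "good" for a certificate the response never mentions, which is exactly how a revoked certificate can be passed off as valid; the hardened path returns "unknown" and the caller fails closed. The CRL helper shows the other half: an operator-configured CRL with no entries is a legitimate input that means "nothing revoked", not a precondition the code may assume away.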
RedhatCVE
added 2025/10/14 9:49 p.m., 10 views

CVE-2025-62174

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the command-line interface using bin/tootctl accounts modify --reset-password, active sessions and access tokens for...

CVSS 3.5 | AI score 6.9 | EPSS 0.00044
Exploits 0 | References 1
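The Memos entries near the top of this list (CVE-2024-21635, access tokens surviving a user's own password change) and the Mastodon entry just above (CVE-2025-62174, sessions and access tokens surviving an admin reset via tootctl) are the same defect seen from two sides: credential rotation does not invalidate previously issued bearer tokens. The following added example shows one way to tie the two together, by stamping each token with the credential "generation" it was issued under and bumping that generation whenever the password is changed or reset, so every older token stops validating without a server-side blocklist. It is not code from Memos or Mastodon; AuthService, the user names and the HMAC-signed JSON token format are invented for the example.

```python
"""Added example (not code from Memos or Mastodon): bearer tokens carry the
credential generation they were issued under, so a self-service password change
or an admin reset bumps the generation and every older token stops validating.
AuthService and the user names are invented; the token format is an HMAC-signed
JSON blob chosen for the example, not either project's format."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional


class AuthService:
    def __init__(self, signing_key: bytes) -> None:
        self._key = signing_key
        self._users: Dict[str, dict] = {}

    @staticmethod
    def _hash_password(password: str, salt: bytes) -> bytes:
        # Iteration count kept low so the example runs quickly; raise it in production.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = {
            "salt": salt,
            "pw_hash": self._hash_password(password, salt),
            "generation": 0,  # bumped on every credential change
        }

    def _sign(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def issue_token(self, username: str, password: str) -> str:
        user = self._users[username]
        if not hmac.compare_digest(self._hash_password(password, user["salt"]), user["pw_hash"]):
            raise PermissionError("bad credentials")
        claims = {"sub": username, "gen": user["generation"], "nonce": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (body + b"." + base64.urlsafe_b64encode(self._sign(body))).decode()

    def _parse(self, token: str) -> Optional[dict]:
        """Return the claims if the signature verifies, else None."""
        try:
            body, sig = token.encode().split(b".", 1)
            if not hmac.compare_digest(self._sign(body), base64.urlsafe_b64decode(sig)):
                return None
            claims = json.loads(base64.urlsafe_b64decode(body))
        except ValueError:  # bad base64, bad JSON, or no separator
            return None
        return claims if isinstance(claims, dict) else None

    def validate_signature_only(self, token: str) -> bool:
        """Vulnerable: any well-signed token for an existing user is accepted,
        however many password changes have happened since it was issued."""
        claims = self._parse(token)
        return claims is not None and claims.get("sub") in self._users

    def validate(self, token: str) -> bool:
        """Fixed: the token's generation must equal the user's current generation."""
        claims = self._parse(token)
        if claims is None:
            return False
        user = self._users.get(claims.get("sub"))
        return user is not None and claims.get("gen") == user["generation"]

    def change_password(self, username: str, new_password: str) -> None:
        """Used for both the user's own change and an admin reset: rehash and bump."""
        user = self._users[username]
        user["salt"] = secrets.token_bytes(16)
        user["pw_hash"] = self._hash_password(new_password, user["salt"])
        user["generation"] += 1


def demo_password_change() -> Dict[str, bool]:
    svc = AuthService(secrets.token_bytes(32))
    svc.register("alice", "correct horse")
    stolen = svc.issue_token("alice", "correct horse")  # token already in an attacker's hands
    svc.change_password("alice", "battery staple")  # victim (or an admin) rotates the password
    fresh = svc.issue_token("alice", "battery staple")
    return {
        "stolen_accepted_by_vulnerable_check": svc.validate_signature_only(stolen),
        "stolen_accepted_by_fixed_check": svc.validate(stolen),
        "fresh_accepted_by_fixed_check": svc.validate(fresh),
    }


if __name__ == "__main__":
    print(demo_password_change())
```

The generation check costs one integer comparison per request and needs no token list to scan, which is why it works equally for a user-initiated change and for an out-of-band admin reset: both paths go through change_password, so neither can forget to revoke. If tokens are stored server-side instead (as opaque random strings in a table), the equivalent fix is to delete the user's rows in that same code path.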
Schneier on Security
added 2025/10/14 11:09 a.m., 1 view

The Trump Administration's Increased Use of Social Media Surveillance

This chilling paragraph is in a comprehensive Brookings report about the use of tech to deport people from the US: The administration has also adapted its methods of social media surveillance. Though agencies like the State Department have gathered millions of handles and monitored political...

AI score 6.9
Exploits 0