Malicious code in vc-revocation-list-2020-context (npm)
The package vc-revocation-list-2020-context was found to contain malicious code...
MAL-2025-38166 Malicious code in vc-revocation-list-2020-context (npm)
The package vc-revocation-list-2020-context was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2024-51491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during...
Linux Distros Unpatched Vulnerability : CVE-2017-7374
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibl...
Linux Distros Unpatched Vulnerability : CVE-2024-56138
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. This issue was identified during...
Linux Distros Unpatched Vulnerability : CVE-2022-40617
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA...
Linux Distros Unpatched Vulnerability : CVE-2020-36425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CR...
Linux Distros Unpatched Vulnerability : CVE-2020-26957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate...
Building a Robust OAuth Token Based API Security: a High Level Overview
APIs (Application Programming Interfaces), or Web Services, are the foundational building blocks that enable interconnected systems. However, this proliferation of APIs has also introduced security challenges that require systematic and scalable solutions for secure authentication and authorization...
CVE-2025-4754
CVE-2025-4754 describes an Insufficient Session Expiration vulnerability in ash_authentication_phoenix (ash-project) that enables session hijacking. Affected component: lib/ash_authentication_phoenix/controller.ex; affected until version 2.10.0. Reported impact includes tokens remaining valid aft...
CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix
Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0...
EEF-CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix
Summary: Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0...
GHSA-F7GQ-H8JV-H3CQ ash_authentication_phoenix has Insufficient Session Expiration
Impact: Session tokens remain valid on the server after user logout, creating a security gap where: - Compromised tokens via XSS, network interception, or device theft continue to work even after the user logs out - The sessions stored in the database still expire, limiting the duration during whi...
ROS-20250526-06
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to the fact that the Shamir implementation uses pre-computed table lookups. Exploitation of the vulnerability could allow an attacker to gain access to potentially sensitive information...
CVE-2025-22149
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2024-56138
notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificates used to...
CVE-2024-23332
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...
CVE-2024-21670
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...
CVE-2024-51491
notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...