4 matches found
EUVD-2026-33011
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...
CVE-2025-69197
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...
DRUPAL-CONTRIB-2025-052
The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently check whether the TOTP token is already used or not for authenticator-based second-factor methods. This vulnerability is mitigated by the fact that an attacker must...
[SECURITY] Fedora 36 Update: golang-github-fernet-0-0.9.20200726giteff2850.fc36
Fernet takes a user-provided message (an arbitrary sequence of bytes), a key (256 bits), and the current time, and produces a token, which contains the message in a form that can't be read or altered without the key...