29 matches found
EUVD-2019-0822
Malware in sbrugna...
EUVD-2021-1410
Malware in sbrugna...
EUVD-2025-8064
Malicious code in bioql PyPI...
EUVD-2024-1237
Malicious code in bioql PyPI...
EUVD-2022-5322
Malicious code in bioql PyPI...
CVE-2025-2559
A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This...
Insufficient Verification Of Data Authenticity
org.wildfly.security:wildfly-elytron-http-oidc is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the session token caching logic when an OIDC app serving multiple tenants accesses a new tenant with a different OIDC configuration. This flaw occurs in...
CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum
Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...
GHSA-V936-X3J5-C76J Session Fixation in Apache CXF
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user...
CVE-2021-43055 TIBCO eFTL Token Caching Vulnerability
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected...
TIBCO Security Advisory: January 11, 2022 - TIBCO eFTL -2021-43055
TIBCO eFTL Token Caching Vulnerability Original release date: January 11, 2022 Last revised:--- CVE-2021-43055 Source: TIBCO Software Inc. Products Affected TIBCO eFTL - Community Edition versions 6.7.2 and below TIBCO eFTL - Developer Edition versions 6.7.2 and below TIBCO eFTL - Enterprise Editi...
Seafile Security Vulnerability
Seafile is an open source enterprise cloud disk from Haven Hootsuite Network Technologies. The product features Markdown WYSIWYG editing, Wiki, file labeling, and more. Seafile has a security vulnerability that stems from the use of synchronization tokens in the Seafile file synchronization...
CVE-2021-32701
ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that...
CVE-2021-32701
ORY Oathkeeper’s CVE-2021-32701 describes an issue in the oauth2_introspection cache where a second request for a different scope (bar) could be treated as valid even if the new scope wasn’t granted, due to the cache not validating scopes beyond expiration. The root cause is that tokenFromCache i...
CVE-2020-3442
The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in order to complete authentication determined...
CVE-2019-1258
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another user. The authenticated attacker can exploit this...
PT-2019-3054 · Microsoft · Azure Active Directory Authentication Library
Name of the Vulnerable Software and Affected Versions: Azure Active Directory Authentication Library affected versions not specified Description: The issue is related to insecure privilege management in the Azure Active Directory Authentication Library, specifically in the On-Behalf-Of flow, wher...
CVE-2019-0015
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted...