36 matches found
CVE-2026-7018
A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...
CVE-2026-7018 Datavane Datavines JWT Token TokenManager.java hard-coded key
A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...
CVE-2026-7018 Datavane Datavines JWT Token TokenManager.java hard-coded key
A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...
CVE-2026-7018
Datavane Datavines (up to build 13607645e14a4982468cfdbcf75c85cde63bae71) exposes a vulnerability in the JWT Token Handler component, specifically in TokenManager.java. Manipulation of the tokenSecret parameter can cause use of a hard-coded cryptographic key. The issue is exploitable remotely wit...
PT-2026-35199
A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...
Datavines 加密问题漏洞
Datavines is a data quality monitoring and evaluation platform developed by Datavane. Versions of Datavines from 13,607,45e14a4982468cfdbcf75c85cde63bae71 onwards have a security vulnerability related to encryption. This vulnerability stems from the handling of the tokenSecret parameter in the...
org.keycloak.protocol.oidc: Keycloak Refresh Token Reuse Bypass via TOCTOU Race Condition
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
Keycloak does not validate and update refresh token usage atomically
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
GHSA-M2W5-7XHV-W6FH Keycloak does not validate and update refresh token usage atomically
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
CVE-2026-1035 Org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via toctou race condition
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
CVE-2026-1035 Org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via toctou race condition
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
Malicious code in ccv-token-manager (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ce8a53c46aaab673372ddfde017c10e1b84cbd5b342474448f9ab5e3a5a37d2 Any computer that has this package installed or running should be considered...
MAL-2025-4552 Malicious code in ccv-token-manager (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ce8a53c46aaab673372ddfde017c10e1b84cbd5b342474448f9ab5e3a5a37d2 Any computer that has this package installed or running should be considered...
CVE-2023-22912
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...
eZ Platform CSRF token in login form is disabled by default
his security advisory fixes a potential vulnerability in the eZ Platform log in form. That form has a Cross-Site Request Forgery CSRF token, but the CSRF functionality is not enabled by default, meaning the token is inactive. The fix is distributed via Composer as ezsystems/ezplatform v2.5.4, and...
bridge_lmdb (=0.1.0), ithos (=0.0.0) +3 more potentially affected by unknown CVE via lmdb-rs (=0.7.6)
lmdb-rs CARGO version =0.7.6 is affected by a known vulnerability. The following packages have a transitive dependency on lmdb-rs and may be impacted: - bridgelmdb =0.1.0 - ithos =0.0.0 - sanakirja =1.0.0, =0.1.0, =0.1.0, =0.3.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0047...
PT-2023-18772 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 Description: An issue was discovered in MediaWiki where the CheckUser TokenManager insecurely uses AES-CTR...