USN-8008-1: Keystone Middleware vulnerability
Grzegorz Grasza discovered that the Keystone Middleware incorrectly sanitized authentication headers before processing OAuth 2.0 tokens. An attacker could possibly use this issue to escalate privileges or impersonate other users...
PT-2026-3754
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
fuint security vulnerability
fuint is an all-in-one system for store cashiers, an online loyalty center, and marketing, developed by the individual developer zach. A security vulnerability exists in fuint, which originates from a flaw in the authentication token processing component in file...
SUSE CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
Allocation of Resources Without Limits or Throttling
Overview: Authlib is a library for building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extract_segment and extract_header processes. An unauthenticated attacker can exhaust system resources and...
EUVD-2012-4484
Malware in sbrugna...
EUVD-2019-2206
Malware in sbrugna...
EUVD-2019-2208
Malware in sbrugna...
EUVD-2008-5061
Malware in sbrugna...
EUVD-2012-4483
Malware in sbrugna...
EUVD-2025-32420
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verification or validation in the...
EUVD-2025-12671
Malicious code in bioql PyPI...
EUVD-2025-12612
Malicious code in bioql PyPI...
EUVD-2024-0946
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-10180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the...
Linux Distros Unpatched Vulnerability : CVE-2019-10178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the Activity page, enabling a Stored Cross-Site Scripting (XSS)...
Linux Distros Unpatched Vulnerability : CVE-2020-1696
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the processing of OpenID Connect tokens. An attacker can access internal network resources and potentially obtain sensitive information by submitting specially crafted tokens that trigger unauthorize...
CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...
SUSE-SU-2025:20051-1 Security update for krb5
This update for krb5 fixes the following issues: - CVE-2024-37370: Confidential GSS krb5 wrap tokens with invalid plaintext Extra Count fields were erroneously accepted during unwrap (bsc#1227186) - CVE-2024-37371: Fixed an invalid memory read when processing message tokens with invalid length fields...