Lucene search
K

36 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-33585

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS5.5AI score0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 9:32 p.m.8 views

EUVD-2026-30115

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS5.8AI score0.00134EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 7:17 p.m.15 views

CVE-2026-33585

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS0.00134EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 6:46 p.m.12 views

CVE-2026-33585

The CVE-2026-33585 issue involves improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform, allowing an attacker to impersonate an authenticated tenant user via an unexpired browser session. Affected product: Symmetric Key Agreement Platform (before 26...

3.8CVSS5.8AI score0.00134EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 6:46 p.m.7 views

CVE-2026-33585 Arqit SKA-Platform Improper Handling of Parameters Vulnerability

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS5.8AI score0.00134EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:46 p.m.8 views

CVE-2026-33585

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS5.8AI score0.00134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40776

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS5.8AI score0.00134EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/17 11:35 a.m.3 views

CVE-2026-2247 SQL Injection in Clickedu's SaaS platform

SQL injection vulnerability SQLi in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...

8.3CVSS5.9AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/14 5:38 p.m.6 views

CVE-2025-61775

Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...

6.9CVSS6.7AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/13 5:29 p.m.1 views

CVE-2025-61775 Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails

Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...

6.9CVSS6.3AI score0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.2 views

Vickey 安全漏洞

Vickey is a microblogging platform open-sourced by Whimsies YATeam. A security vulnerability exists in Vickey versions prior to 2025.10.0 that stems from an unexpired email confirmation link that can be reused, potentially resulting in verified email addresses receiving duplicate confirmation...

6.9CVSS6.6AI score0.00309EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.7 views

PT-2025-41796

Name of the Vulnerable Software and Affected Versions Vickey versions prior to 2025.10.0 Description Vickey, a Misskey-based microblogging platform, has an issue where unexpired email confirmation links can be reused multiple times, leading to repeated confirmation emails being sent to a verified...

6.9CVSS6.6AI score0.00309EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27541

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/12 1:20 p.m.4 views

CVE-2025-10223

Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...

8.1CVSS6.6AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2025/09/10 1:15 p.m.4 views

CVE-2025-10223

Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...

8.1CVSS5.8AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/10 12:35 p.m.8 views

CVE-2025-10223 Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk)

Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...

5.4CVSS0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/10 12:35 p.m.2 views

CVE-2025-10223 Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk)

Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...

5.4CVSS6.2AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.5 views

AxxonSoft AxxonOne 安全漏洞

AxxonSoft AxxonOne is a video surveillance and security management software from AxxonSoft Ireland. A security vulnerability exists in AxxonSoft AxxonOne versions prior to 2.0.3, which stems from insufficient expiration of the Web Management Panel session, which may result in privilege retention...

8.1CVSS6.7AI score0.00234EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/06 4:0 a.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS7.1AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/06 4:0 a.m.3 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS6.6AI score0.00349EPSS
Exploits1References2
Rows per page
Query Builder