CVEs classified under CWE-324, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2024-36031 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time…
CVE-2025-31123 — CVSS 8.7 (high): Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens…
CVE-2025-2291 — CVSS 8.1 (high): Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an…
CVE-2026-52809 — CVSS 6.8 (medium): Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the…
CVE-2024-25679 — CVSS 6.5 (medium): In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by…
CVE-2025-33012 — CVSS 6.3 (medium): IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an…
CVE-2025-48813 — CVSS 6.3 (medium): Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.
CVE-2022-24732 — CVSS 6.3 (medium): Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or…
CVE-2024-38277 — CVSS 5.4 (medium): A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between…
CVE-2025-13723 — CVSS 5.3 (medium): IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive…
CVE-2024-7318 — CVSS 4.8 (medium): A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds…
CVE-2024-6299 — CVSS 4.8 (medium): Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to…
CVE-2023-5342 — CVSS 4.1 (medium): The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components…