122 matches found

GitHub Security Blog
added 2026/03/16 3:30 p.m. | 10 views

Mattermost fails to validate user's authentication method when processing account auth type switch

Mattermost versions 10.11.x = 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID:...

3.5 CVSS | 5.8 AI score | 0.00067 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
OSV
added 2026/03/16 3:16 p.m. | 2 views

CVE-2026-22545

Mattermost versions 10.11.x = 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID:...

3.5 CVSS | 5.9 AI score
Exploits: 0 | References: 1
NVD
added 2026/03/16 3:16 p.m. | 1 view

CVE-2026-22545

Mattermost versions 10.11.x = 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID:...

3.5 CVSS | 0.00067 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/05 1:22 a.m. | 5 views

CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8 CVSS | 6.2 AI score | 0.0006 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/03 10:16 p.m. | 3 views

CVE-2026-1580 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8 CVSS | 6.3 AI score | 0.0006 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/22 12:00 a.m. | 2 views

Azure Linux 3.0 Security Update: irssi (CVE-2019-13045)

The version of irssi installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-13045 advisory. - Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free wh...

8.1 CVSS | 5.6 AI score | 0.04615 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 11:29 a.m. | 3 views

CVE-2021-27215

An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces Admin, Userweb, Sidechannel can use different methods to perform the authentication of a user. A specific authentication method during login does not check th...

9.8 CVSS | 7.1 AI score | 0.00711 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2026/01/07 9:38 a.m. | 3 views

CVE-1999-0547

An SSH server allows authentication through the .rhosts file...

10 CVSS | 7.2 AI score | 0.00392 EPSS
Exploits: 0 | References: 1
NVD
added 2025/12/10 12:16 p.m. | 2 views

CVE-2025-13953

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...

9.3 CVSS | 0.00079 EPSS
Exploits: 0 | References: 1
Redos
added 2025/11/25 12:00 a.m. | 3 views

ROS-20251125-05

A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to authentication bypass using an alternate path or channel in the AWS authentication method. Exploitation of the vulnerability could allow an attacker acting...

8.1 CVSS | 6.9 AI score | 0.00076 EPSS
Exploits: 0
Snyk
added 2025/11/21 3:31 p.m. | 2 views

Insecure Default Initialization of Resource

Overview: Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in that the denynullbind parameter in LDAP authentication is false by default if it is not set in a config. An attacker can gain unauthorized access by exploiting LDAP servers that permit...

9.8 CVSS | 7.1 AI score | 0.00018 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/10/23 12:00 a.m. | 1 view

HashiCorp Vault Enterprise Security Vulnerability

HashiCorp Vault Enterprise is an enterprise information archiving platform from HashiCorp, Inc. in the United States. A security vulnerability exists in HashiCorp Vault Enterprise versions 1.21.0, 1.20.5, 1.19.11, and 1.16.27, which stems from the same or wildcard use of the boundprincipaliam rol...

8.1 CVSS | 9.2 AI score | 0.00076 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-2663

Malware in sbrugna...

7.8 CVSS | 7.9 AI score | 0.00021 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-5526

Malware in sbrugna...

9.8 CVSS | 9.3 AI score | 0.00371 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-13980

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.00711 EPSS
Exploits: 2 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-1999-0538

Malware in sbrugna...

10 CVSS | 6.4 AI score | 0.00392 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-19998

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.00985 EPSS
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-9392

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.00493 EPSS
Exploits: 1 | References: 4
OSV
added 2025/10/04 12:11 a.m. | 5 views

RLSA-2025:7419 Important: mod_auth_openidc security update

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak...

7.5 CVSS | 7.5 AI score | 0.00357 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-2291

Malicious code in bioql PyPI...

5.3 CVSS | 6.4 AI score | 0.00228 EPSS
Exploits: 0 | References: 6