426 matches found
UBUNTU-CVE-2026-27651
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...
CVE-2026-27651
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...
CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...
K000160336: Out-of-band Security Notification (March 24, 2026)
Security Advisory Description: On March 24, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs...
SUSE-SU-2026:0982-1 Security update for util-linux
This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859)...
CVE-2026-33288 SuiteCRM has Authenticated SQL Injection in Authentication Module
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize...
CVE-2026-4045 projectsend Auth.php response discrepancy
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...
Huawei HarmonyOS Device Authentication Module Authentication Bypass Vulnerability
Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in the Huawei HarmonyOS device authentication module, which can be exploited by an attacker to compromise...
Himmelblau Security Vulnerability
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that authentication was not limited by tenant domains, allowing for attempts at...
SUSE-SU-2026:0857-1 Security update for util-linux
This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859)...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the IsCorrectUsernameAndPassword validation. An attacker can cause a victim's browser to initiate a session tied to an account for which the attacker knows the credentials by tricking the victim into...
EUVD-2026-9795
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
CVE-2026-28536
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
PT-2026-23411
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in the Huawei HarmonyOS device authentication module, which can be exploited by an attacker to compromise...
CVE-2026-2584
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...