296 matches found

Positive Technologies
added 2026/03/12 12:00 a.m., 5 views

PT-2026-25056

Name of the Vulnerable Software and Affected Versions: Tinyauth versions prior to 5.0.3. Description: Tinyauth is an authentication and authorization server. The OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization...

CVSS 9.9 | AI score 7.2 | EPSS 0.22162
Exploits 68 | References 138
ATTACKERKB
added 2026/03/05 4:15 p.m., 3 views

CVE-2026-26998

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is...

CVSS 4.4 | AI score 5.8 | EPSS 0.00451
Exploits 0 | References 4 | Affected Software 1
AlpineLinux
added 2026/03/05 4:15 p.m., 5 views

CVE-2026-26998

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is...

CVSS 4.4 | AI score 5.8 | EPSS 0.00451
Exploits 0 | References 3
OSV
added 2026/03/05 4:15 p.m., 4 views

CVE-2026-26998 Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service (DoS)

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is...

CVSS 4.4 | AI score 5.9 | EPSS 0.00451
Exploits 0 | References 5
OSV
added 2026/03/04 6:23 p.m., 4 views

GHSA-FW45-F5Q2-2P4X Traefik has unbounded io.ReadAll on auth server response body that causes OOM DoS

Impact: There is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read entirely into memory without any size limit. There is no maxResponseBodySize...

CVSS 4.4 | AI score 6.2 | EPSS 0.00451
Exploits 0 | References 5
Positive Technologies
added 2026/03/04 12:00 a.m., 5 views

PT-2026-23083

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.38 and 3.6.9. Description: Traefik, an HTTP reverse proxy and load balancer, has a potential issue in how it manages responses from the ForwardAuth middleware. When configured to use ForwardAuth, the response body...

CVSS 9.9 | AI score 5.9 | EPSS 0.22162
Exploits 68 | References 138
IBM Security Bulletins
added 2026/02/17 2:17 p.m., 11 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack. Vulnerability Details: CVEID: CVE-2025-53066. DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to...

CVSS 8.8 | AI score 6.1 | EPSS 0.01461
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2026/02/17 12:04 p.m., 11 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack. Vulnerability Details: CVEID: CVE-2025-48924. DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...

CVSS 7.5 | AI score 6.5 | EPSS 0.02973
Exploits 3 | Affected Software 1
RedHat Linux
added 2026/02/09 8:41 p.m., 5 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.9 Images Security Update

New images are available for Red Hat build of Keycloak 26.4.9 and Red Hat build of Keycloak 26.4.9 Operator, running on OpenShift Container Platform. Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

CVSS 8.8 | AI score 5.8 | EPSS 0.00449
Exploits 2 | References 1
ICS
added 2026/01/27 12:00 a.m., 5 views

Hitachi Energy FOX61x

SUMMARY: Hitachi Energy is aware of a vulnerability that affects FOX61x product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks, potentially causing impact on confidentiality, integrity and availability for the product. Please refer to...

CVSS 9 | AI score 5.6 | EPSS 0.14859
Exploits 2 | References 10
NVD
added 2025/11/11 2:15 p.m., 4 views

CVE-2025-12101

Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server...

CVSS 5.9 | EPSS 0.24584
Exploits 0 | References 1
Cvelist
added 2025/11/11 1:44 p.m., 10 views

CVE-2025-12101 Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server...

CVSS 5.9 | EPSS 0.24584
Exploits 0 | References 1
Positive Technologies
added 2025/11/11 12:00 a.m., 5 views

PT-2025-46341

Name of the Vulnerable Software and Affected Versions: NetScaler ADC and NetScaler Gateway versions 12.1-FIPS and NDcPP prior to 12.1-55.333-FIPS and NDcPP; NetScaler ADC and NetScaler Gateway versions 13.1 prior to 13.1-60.32; NetScaler ADC and NetScaler Gateway versions 13.1-FIPS and NDcPP prior t...

CVSS 9 | AI score 6 | EPSS 0.24584
Exploits 0 | References 50
OSV
added 2025/10/30 10:15 p.m., 4 views

CVE-2023-53690

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

CVSS 4.8 | AI score 5.8 | EPSS 0.00681
Exploits 0 | References 3
CVE
added 2025/10/30 9:20 p.m., 7 views

CVE-2023-53690

Nagios Fusion (versions prior to 4.2.0) is affected by a stored XSS vulnerability in the LDAP/AD authentication-server configuration. The flaw arises from unsanitized input that can be stored and later rendered in the administrative UI, causing JavaScript execution in users' browsers when viewing...

CVSS 6.2 | AI score 5.5 | EPSS 0.00681
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2025/10/30 12:00 a.m., 1 view

PT-2025-44488

Name of the Vulnerable Software and Affected Versions: Nagios Fusion versions prior to 4.2.0. Description: Nagios Fusion versions prior to 4.2.0 have a stored cross-site scripting (XSS) issue in the LDAP/AD authentication-server configuration. User input that is not properly sanitized can be stored an...

CVSS 6.2 | AI score 5.9 | EPSS 0.00681
Exploits 0 | References 5
Mageia
added 2025/10/22 8:07 p.m., 5 views

Updated nginx package fixes security vulnerability

It was discovered that nginx contains a security issue in the ngx_mail_smtp_module which might allow an attacker to cause a buffer over-read, potentially resulting in a sensitive information leak, in an HTTP request to the authentication server (CVE-2025-53859)...

CVSS 6.3 | AI score 7 | EPSS 0.00371
Exploits 0 | References 2
OSV
added 2025/10/22 8:07 p.m., 2 views

MGASA-2025-0245 Updated nginx package fixes security vulnerability

It was discovered that nginx contains a security issue in the ngx_mail_smtp_module which might allow an attacker to cause a buffer over-read, potentially resulting in a sensitive information leak, in an HTTP request to the authentication server (CVE-2025-53859)...

CVSS 6.3 | AI score 6.8 | EPSS 0.00371
Exploits 0 | References 3
Cvelist
added 2025/10/16 3:18 p.m., 5 views

CVE-2025-55035 Mattermost Desktop DoS when user has basic authentication server configured

Mattermost Desktop App versions =5.13.0 fail to manage modals in the Mattermost Desktop App, which stops a user with a server that uses basic authentication from accessing their server, which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having th...

CVSS 6.1 | EPSS 0.003
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-4028

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.07304
Exploits 0 | References 3