Improper Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the token revocation process. An attacker can maintain unauthorized access by using a stolen access token that was issued with no expiration, as the token cannot be invalidated through...

Astra Linux - уязвимость в python2.7, pypy

In Python versions 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an HTTP server can perform Regular Expression Denial of Service ReDoS attacks against clients due to the use of urllib.request.AbstractBasicAuthHandler, which allows catastrophi...

GHSA-F5V4-2WR6-HQMG russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler

Summary A pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for 2FA/TOTP with a single malformed packet, requiring no credential...

GHSA-3JP4-MHH4-GCGR Kimai has an Open Redirect via Unvalidated RelayState in SAML ACS Handler

Summary The SAML authentication success handler in Kimai returns the RelayState POST parameter as a redirect destination without validating the host or scheme. After a user successfully authenticates via SAML, they are redirected to an attacker-controlled URL if the IdP includes a malicious...

CVE-2026-4823

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...

Iperius Backup 访问控制错误漏洞

Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Iperius Backup versions 8.7.3 and earlier contained an access control vulnerability, which was caused by improper handling of the NTLM2 Handler component, potentially leading to information leakage...

CVE-2025-70231

Summary: CVE-2025-70231 affects D-Link DIR-513 v1.10, where processing POST requests to /goform/formLogin enters /goform/getAuthCode and fails to filter the FILECODE parameter, causing a path-traversal vulnerability with high impact. The CVSSv3.1 base score is 9.8 (CRITICAL), with network access,...

EUVD-2026-5686

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

CVE-2025-13473

CVE-2025-13473 affects Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The vulnerability lies in django.contrib.auth.handlers.modwsgi.check_password(), where authentication via mod_wsgi can allow remote attackers to enumerate users via a timing attack. Earlier/unsupported serie...

CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

EUVD-2025-13591

Malicious code in bioql PyPI...

CVE-2009-20009

Belkin Bulldog Plus Web Service Buffer Overflow (CVE-2009-20009): Belkin Bulldog Plus v4.0.2 build 1219 is affected by a stack-based buffer overflow in the web service authentication handler caused by insufficient validation of the oversized Authorization header. This leads to memory corruption a...

CVE-2025-4356

A vulnerability was found in Tenda DAP-1520 1.10B04BETA02. It has been declared as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be...

CVE-2025-4356

A vulnerability was found in Tenda DAP-1520 1.10B04BETA02. It has been declared as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be...

CVE-2025-4356

CVE-2025-4356 affects Tenda DAP-1520 (firmware 1.10B04_BETA02). The vulnerability is a stack-based buffer overflow in the mod_graph_auth_uri_handler function under /storage of the Authentication Handler, caused by improper input length validation. It can be triggered remotely and has public explo...

CVE-2025-4356 Tenda DAP-1520 Authentication storage mod_graph_auth_uri_handler stack-based overflow

A vulnerability was found in Tenda DAP-1520 1.10B04BETA02. It has been declared as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be...

PT-2025-19945 · Tenda · Tenda Dap-1520

Name of the Vulnerable Software and Affected Versions: Tenda DAP-1520 version 1.10B04 BETA02 Description: A critical vulnerability has been found, affecting the mod graph auth uri handler function of the Authentication Handler component. This issue leads to a stack-based buffer overflow and can b...

CVE-2025-2620

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated...

CVE-2025-2620 D-Link DAP-1620 Authentication storage mod_graph_auth_uri_handler stack-based overflow

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated...