161309 matches found
Malicious code in @mastra/auth-auth0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0fbe96c59a0cfac17ddbee22541fc2ba13a1ef82c91d75bc4b202c66aec4e4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-12443
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-12443
CVE-2026-12443 is a use-after-free in Chrome’s Web Authentication implementation that could allow a remote attacker to execute arbitrary code via a crafted HTML page. Affected software: Google Chrome (Chromium). Underlying issue is in Web Authentication handling that leads to memory misuse. Impac...
kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...
kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done()
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handleauthdone Perform an explicit bounds check on payloadlen to avoid a possible out-of-bounds access in the callout. idryomov: changelog...
CVE-2026-55706
sppppapinput in sys/net/ifspppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths...
PT-2026-50598
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.1 Description Unauthenticated users with network access can upload unlimited amounts of data to the server, which can lead to disk space exhaustion and a resulting denial-of-service. Additionally, the server...
PT-2026-50410
Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 2.2.1 Apache Shiro versions prior to 3.0.0-alpha-2 Description A remote attacker can inject LDAP special characters into the Distinguished Name DN construction within the DefaultLdapRealm class. User-supplied...
PT-2026-50193
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Web Authentication component. This allows a remote attacker to execute arbitrary code by inducing the user to open a specially crafted HTML page. U...
PT-2026-50413
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without authentication. When combined with the...
PT-2026-50521
Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.409 Description An authentication bypass exists in passkey registration endpoints. When HERMES WEBUI PASSKEY=1 is enabled and no credentials exist, unauthenticated remote attackers can register arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2026-12443
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...
PT-2026-50530
Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.3 commit 09312a1 Description Improper validation of the Host header during stathost detection allows unauthenticated attackers to access the statistics page by injecting a matching Host header or bypassing...
PT-2026-50221
Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to 076e2b1 Description The sppp pap input function in sys/net/if spppsubr.c allows authentication bypass when certain zero values are used for lengths. Real-world offensive activities targeting this issue have been...
PT-2026-50477
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'spreadsheet-import' endpoint axiosRequestMake could be used as a generic HTTP proxy. The endpoint was reachable without authentication, and its URL-extension allowlist used a regular expressi...
PT-2026-50443
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description Improper Authentication allows an unauthenticated attacker with adjacent network access to potentially gain unauthorized access, leading to information disclosure and informati...
PT-2026-50527
Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.1 Description A pre-authentication denial of service issue exists in the SSH MSG EXT INFO handler within src/packet.c. A malicious SSH server can trigger a CPU exhaustion loop on the client by sending a crafted...
PT-2026-50433
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...
PT-2026-50432
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 5.1.0.1 Dell PowerFlex Manager versions prior to 4.5.5.2 Description An improper authentication issue allows an unauthenticated attacker with adjacent network access to bypass authentication without...
Traefik 2.x < 2.11.48 / 3.x < 3.6.19 / 3.7.x < 3.7.3 Authentication Bypass (CVE-2026-48020)
The version of Traefik installed on the remote macOS host is 2.x prior to 2.11.48, 3.x prior to 3.6.19, or 3.7.x prior to 3.7.3. It is, therefore, affected by an authentication bypass vulnerability: - The StripPrefix middleware allows unauthenticated attackers to bypass route-level authentication...