Lucene search
+L

62 matches found

nessus
nessus
added 2026/06/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned...

5.4CVSS5.9AI score0.0016EPSS
Exploits1References3
osv
osv
added 2026/06/22 9:16 p.m.3 views

DEBIAN-CVE-2026-41479

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The...

5.4CVSS6AI score0.0016EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2026/06/08 5:52 p.m.8 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +231 more potentially affected by CVE-2026-41479 via authlib (>=0.10.0 <=1.6.1)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

5.4CVSS5.7AI score0.0016EPSS
Exploits1
ibm
ibm
added 2026/06/08 7:11 a.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.3 Vulnerability Details CVEID:CVE-2026-28498 DESCRIPTION: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level...

9.1CVSS6.8AI score0.00731EPSS
Exploits5Affected Software1
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.20 views

PT-2026-47585

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response type and supplies an attacker-controlled redirect uri. The vulnerable behavior happens before client lookup and before any redirect URI validation. As...

5.4CVSS5.6AI score
Exploits0References4
vulnersosv
vulnersosv
added 2026/05/27 8:16 p.m.7 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +234 more potentially affected by CVE-2026-44681 via authlib (>=0.10.0 <=1.6.11)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-44681 Source advisory: OSV:PYSEC-2026-188...

6.1CVSS5.7AI score0.00203EPSS
Exploits1
osv
osv
added 2026/05/27 8:16 p.m.11 views

DEBIAN-CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.8AI score0.00203EPSS
Exploits1References1
cvelist
cvelist
added 2026/05/27 7:20 p.m.54 views

CVE-2026-44681 Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS0.00203EPSS
Exploits1References1
debiancve
debiancve
added 2026/05/27 7:20 p.m.15 views

CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.8AI score0.00203EPSS
Exploits1
euvd
euvd
added 2026/05/27 7:20 p.m.14 views

EUVD-2026-32637

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.8AI score0.00203EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2026/05/13 1:36 a.m.8 views

apheris-auth (=0.23.0), apheris-cli (>=0.51.0 <=0.52.0) +1 more potentially affected by CVE-2026-44681 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0, =1.3.0, =1.3.0b4 Source cves: CVE-2026-44681 Source advisory: SNYK:PYTHON-AUTHLIB-16643257...

6.1CVSS5.4AI score0.00203EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/05/13 1:36 a.m.12 views

apheris-auth (=0.23.0), apheris-cli (>=0.51.0 <=0.52.0) +1 more potentially affected by CVE-2026-44681 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0, =1.3.0, =1.3.0b4 Source cves: CVE-2026-44681 Source advisory: OSV:GHSA-R95X-QFJJ-FJJ2...

6.1CVSS5.4AI score0.00203EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/05/13 1:36 a.m.6 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +234 more potentially affected by CVE-2026-44681 via authlib (>=0.10.0 <=1.6.11)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-44681 Source advisory: OSV:GHSA-R95X-QFJJ-FJJ2...

6.1CVSS5.7AI score0.00203EPSS
Exploits1
snyk
snyk
added 2026/05/13 1:36 a.m.12 views

Incorrect Authorization

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Incorrect Authorization via the validateauthorizationrequest function. An attacker can cause the server to redirect users to arbitrary URLs by submitting a crafted...

6.1CVSS5.9AI score0.00203EPSS
Exploits1References3
vulnersosv
vulnersosv
added 2026/04/24 8:16 p.m.14 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +232 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41425 Source advisory: OSV:PYSEC-2026-25...

5.4CVSS5.7AI score0.00106EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/04/16 10:38 p.m.9 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +167 more potentially affected by CVE-2026-41425 via authlib (>=1.0.0 <=1.6.10)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-41425 Source advisory:...

5.4CVSS5.7AI score0.00106EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/04/16 10:38 p.m.14 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +232 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41425 Source advisory: OSV:GHSA-JJ8C-MMJ3-MMGV...

5.4CVSS5.7AI score0.00106EPSS
Exploits1
susecve
susecve
added 2026/03/17 12:25 a.m.6 views

SUSE CVE-2026-27962

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...

9.1CVSS5.9AI score0.00548EPSS
Exploits1References4
vulnersosv
vulnersosv
added 2026/03/16 8:53 p.m.7 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +225 more potentially affected by CVE-2026-28490 via authlib (>=1.0.0 <=1.6.8)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-28490 Source advisory:...

8.3CVSS5.4AI score0.00142EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/03/16 8:53 p.m.6 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +225 more potentially affected by CVE-2026-28498 via authlib (>=1.0.0 <=1.6.8)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-28498 Source advisory:...

9.1CVSS7.7AI score0.00226EPSS
Exploits1
Rows per page
Query Builder