4197 matches found

Rockylinux
added 2025/10/03 7:56 p.m., 5 views

php security update

An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...

9.8 CVSS, 6.6 AI score, 0.01138 EPSS
Exploits: 3
OSV
added 2025/10/02 3:24 p.m., 6 views

CLSA-2025-1759418654 cups: Fix of CVE-2025-58060

CVE-2025-58060: fix authentication bypass issue caused by not checking password when AuthType is not Basic...

8 CVSS, 7.5 AI score, 0.00964 EPSS
Exploits: 1, References: 1
The Hacker News
added 2025/10/02 1:7 p.m., 9 views

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive...

6.3 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/10/02 7:1 a.m., 3 views

Malicious code in @imou/web-front-basic-alg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a09a2b21767c80d9ac4dee1814eba71363cbdaf62aace137c60392788a16ad8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1
RedHat Linux
added 2025/10/01 5:36 p.m., 4 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

8 CVSS, 7.1 AI score, 0.00964 EPSS
Exploits: 1, References: 5
OSV
added 2025/10/01 2:34 p.m., 8 views

CLSA-2025-1759329269 cups: Fix of 2 CVEs

CVE-2023-4504: validate length of attacker-crafted PPD PostScript documents to prevent heap-based buffer overflow and possible code execution - CVE-2025-58060: fix authentication bypass issue caused by not checking password when AuthType is not Basic...

8 CVSS, 7.5 AI score, 0.00964 EPSS
Exploits: 3, References: 1
RedHat Linux
added 2025/10/01 10:43 a.m., 30 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

8 CVSS, 7.1 AI score, 0.00964 EPSS
Exploits: 1, References: 5
RedHat Linux
added 2025/10/01 8:21 a.m., 5 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

8 CVSS, 7.1 AI score, 0.00964 EPSS
Exploits: 1, References: 5
RedHat Linux
added 2025/09/30 12:23 p.m., 4 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

8 CVSS, 7.1 AI score, 0.00964 EPSS
Exploits: 1, References: 5
OSV
added 2025/09/30 11:37 a.m., 5 views

CVE-2025-41097

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access basic employee details using unauthorised internal identifiers...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 1
RedHat Linux
added 2025/09/30 9:57 a.m., 9 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

8 CVSS, 7.1 AI score, 0.00964 EPSS
Exploits: 1, References: 5
RedhatCVE
added 2025/09/30 12:45 a.m., 9 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA (e.g. after the 7-day enforcement window), the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

6.8 AI score, 0.00358 EPSS
Exploits: 0, References: 1
NVD
added 2025/09/29 3:16 p.m., 2 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA (e.g. after the 7-day enforcement window), the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

8.2 CVSS, 0.00358 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/09/29 12:0 a.m., 2 views

Obsidian Scheduler security vulnerability

Obsidian Scheduler is an enterprise-level task scheduler from Obsidian USA. A security vulnerability exists in Obsidian Scheduler versions 5.0.0 through 6.3.0, which stems from an account lockout that still allows authentication via Basic Authentication, which could lead to bypassing MFA...

8.2 CVSS, 6.9 AI score, 0.00358 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2025/09/29 12:0 a.m., 3 views

PT-2025-39827

Name of the Vulnerable Software and Affected Versions: Obsidian Scheduler versions 5.0.0 through 6.3.0. Description: A security issue exists in the Obsidian Scheduler REST API. If an account is locked out due to not enrolling in Multi-Factor Authentication (MFA), the REST API continues to permit the u...

8.2 CVSS, 6.7 AI score, 0.00358 EPSS
Exploits: 0, References: 6
Cvelist
added 2025/09/29 12:0 a.m., 7 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA (e.g. after the 7-day enforcement window), the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

0.00358 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/09/29 12:0 a.m., 1 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA (e.g. after the 7-day enforcement window), the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

6.4 AI score, 0.00358 EPSS
Exploits: 0, References: 3
CVE
added 2025/09/29 12:0 a.m., 13 views

CVE-2025-56449

Obsidian Scheduler REST API 5.0.0–6.3.0 is affected. The root cause is that accounts locked out due to MFA enforcement can still authenticate via Basic Authentication for administrative actions, allowing creation of a new privileged user and bypassing MFA protections. The issue affects the REST A...

8.2 CVSS, 6.4 AI score, 0.00358 EPSS
Exploits: 0, References: 3
OSV
added 2025/09/24 7:21 p.m., 5 views

GO-2025-3972 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly...

6.9 CVSS, 7.1 AI score, 0.00315 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2025/09/24 4:34 p.m., 7 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

8 CVSS, 7.1 AI score, 0.00964 EPSS
Exploits: 1, References: 5