CVE-2026-41427 Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...
CVE-2025-61920 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
Linux Distros Unpatched Vulnerability : CVE-2020-36066
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GJSON 1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON. CVE-2020-36066 Note that Nessus relies on the presence of the package as...
CVE-2023-22318
Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5...
AZL-34274 CVE-2024-24577 affecting package libgit2 for versions less than 1.6.5-1
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing you to build Git functionality into your application. Using well-crafted inputs to git_index_add can cause heap corruption that could be leveraged for arbitrary code execution. There...
Nextcloud Security Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck versions prior to 1.6.5, 1.7.x versions prior to 1.7.3, and 1.8.x versions prior to 1.8.2, which stems fr...
hestiacp Operating System Command Injection Vulnerability
hestiacp is a lightweight and powerful control panel for the modern web. An operating system command injection vulnerability exists in hestiacp versions prior to 1.6.5, which stems from the ability to inject arbitrary commands when installing DokuWiki...
GHSA-4QQF-HMV6-R6WH Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
The implementations of the PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack...
UBUNTU-CVE-2020-36066
GJSON 1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON...
CVE-2020-36066
GJSON 1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON...
Tidwall Gjson Security Vulnerability
GJSON is a Go package that provides a fast and easy way to get values from json documents. A denial of service vulnerability exists in GJSON versions prior to 1.6.5. An attacker can exploit this vulnerability to cause a denial of service via specially crafted JSON...
Sefrengo SQL Injection Vulnerability
Sefrengo is an open source web content management system (CMS) based on PHP and MySQL. The system supports WYSIWYG editors, image uploads and more. A SQL injection vulnerability exists in versions of Sefrengo prior to 1.6.5 beta2. A remote attacker can exploit this vulnerability to execute arbitrar...
CVE-2015-5052
SQL injection vulnerability in Sefrengo before 1.6.5 beta2...
Pivotal GemFire for PCF Remote Privilege Elevation Vulnerability
Pivotal Software GemFire for PCF is a high-performance, scalable, in-memory distributed database for PCF from Pivotal Software, USA. A remote elevation of privilege vulnerability exists in Pivotal Software GemFire for PCF version 1.6.x prior to 1.6.5 and version 1.7.x prior to 1.7.1. A remote...
phpRechnung SQL Injection Vulnerability
phpRechnung is a web-based accounting software. A SQL injection vulnerability exists in the list.php script in versions prior to phpRechnung 1.6.5. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
Oxide file picker memory misreference vulnerability
Oxide is a library that supports embedding a Chromium-based WebView (Chromium is the engine used by Google Chrome) in applications. A memory misreference vulnerability exists in the file picker implementation of Oxide prior to version 1.6.5. A remote attacker could exploit this vulnerability via a specially...
wireshark: NULL pointer vulnerabilities (wnpa-sec-2012-02)
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c...
DEBIAN-CVE-2012-0067
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file...