22 matches found
CVE-2026-41427
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...
CVE-2026-41427
CVE-2026-41427 affects Better Auth (TypeScript) OAuth provider. Prior to version 1.6.5, the clientPrivileges option documented a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. As a result, deployments configured to restrict client reg...
GHSA-XR8F-H2GW-9XH6 OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Am I affected? You're affected if all of the following are true: - Using @better-auth/oauth-provider at a version specified below - You configured clientPrivileges in the plugin options expecting it to gate who can create OAuth clients - The /oauth2/create-client or /admin/oauth2/create-client...
CVE-2026-26281
InvoicePlane has a stored XSS in the Sumex invoice view. An authenticated user with client/invoice management privileges can inject JavaScript that runs in other users’ browsers viewing the invoice, potentially enabling session hijacking and data theft. A fixed version is 1.7.1. Remediate by upgr...
EUVD-2020-5893
Malware in sbrugna...
EUVD-2020-6227
Malware in sbrugna...
EUVD-2020-20619
Malware in sbrugna...
CVE-2020-14068
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executarlogin.php...
CVE-2005-3064
MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt)...
VMware ESXi Security Vulnerability
VMware ESXi is a server virtualization platform from VMware that can be installed directly on physical servers. A security vulnerability exists in VMware ESXi, which originates from a denial of service condition that can be triggered by an attacker with client privileges...
CVE-2023-7090
A flaw was found in sudo in the handling of ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated in sudo. This leads to a privilege mismanagement vulnerability in applications, where client hosts retain privileges even after they have been retracted...
CVE-2021-32960
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may all...
Tibco Eftl Information Disclosure Vulnerability
Tibco Eftl is an add-on to Tibco Ftl and Tibco Enterprise Message Service™ from Tibco USA, Inc. that extends Tibco Ftl® messaging to platforms such as Web browsers and mobile devices. An information disclosure vulnerability exists in TIBCO eFTL, which stems from a client inheriting privileges from a...
Microsoft Windows SMB Client Permission and Access Control Issue Vulnerability
Microsoft Windows SMB Client is Microsoft's SMB client application. Microsoft Windows SMB Client is vulnerable to privilege permission and access control issues. The following products and editions are affected: Windows 10 Version 21H1 for ARM64-based Systems, Windows 10 Version 21H1 for 32-bit...
CVE-2020-28133
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in salesinventory/login.php...
SQL injection
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in salesinventory/login.php...
MK-AUTH Authorization Issues Vulnerability
MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. An authorization issue vulnerability exists in the Web login feature in MK-AUTH version 19.01, which can be exploited by an attacker to bypass authentication and gain client privileges...
SQL injection
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executarlogin.php...
samba: SMB client vulnerable to filenames containing path separators
A flaw was found in the samba client where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working...