EUVD-2025-3603

Malicious code in bioql PyPI...

Himmelblau 安全漏洞

Himmelblau is an Azure Entra ID authentication module open-sourced by Himmelblau. A security vulnerability exists in Himmelblau versions 0.9.0 to 0.9.22, which stems from the derivation of a numeric GID from a group display name, which could lead to authorization bypass...

CVE-2025-49012

CVE-2025-49012 (Himmelblau) affects Himmelblau versions 0.9.0–0.9.14 and 1.00-alpha. The issue arises when Entra ID group-based access restrictions use group displayName instead of objectId in pam_allow_groups, allowing a user to create a duplicate-named group, join it, and bypass central-group-b...