
49 matches found

OSV
added last week · 5 views

GHSA-R9G5-7Q8J-958C FUXA provides guest and invalid-token access to protected read APIs in secure mode

Summary When secureEnabled=true, FUXA 1.3.0-2773 still allows guest and invalid-token requests to read project, alarms, and scheduler APIs. Details In secure mode, requests with no token or an explicitly invalid token were still able to access protected read endpoints. Confirmed behavior: - guest...

6.9 CVSS · 5.9 AI score
Exploits 0 · References 3

Github Security Blog
added last week · 8 views

FUXA provides guest and invalid-token access to protected read APIs in secure mode

Summary When secureEnabled=true, FUXA 1.3.0-2773 still allows guest and invalid-token requests to read project, alarms, and scheduler APIs. Details In secure mode, requests with no token or an explicitly invalid token were still able to access protected read endpoints. Confirmed behavior: - guest...

5.9 AI score
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2026/05/28 12:0 a.m. · 7 views

PT-2026-44733

Name of the Vulnerable Software and Affected Versions FUXA version 1.3.0-2773 Description When secureEnabled is set to true, the software fails to properly restrict access to protected read endpoints. Requests made without a token or with an invalid token are treated as guest contexts rather than...

6.9 CVSS · 5.8 AI score
Exploits 0 · References 6

Github Security Blog
added 2026/05/06 5:5 p.m. · 2 views

Auth.js SDK has Improper Permission Checking

Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...

7.1 CVSS · 5.8 AI score · 0.00032 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2026/05/06 5:5 p.m. · 0 views

GHSA-8QJV-JJ2Q-X832 Auth.js SDK has Improper Permission Checking

Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...

7.1 CVSS · 5.8 AI score · 0.00032 EPSS
Exploits 0 · References 2

Github Security Blog
added 2026/03/27 5:21 p.m. · 6 views

Local Incus UI web server vulnerable to authentication bypass

Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...

8.8 CVSS · 6 AI score · 0.00028 EPSS
Exploits 0 · References 5 · Affected Software 1

UbuntuCve
added 2026/03/27 12:16 a.m. · 1 view

CVE-2026-33898

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

8.8 CVSS · 5.9 AI score · 0.00028 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2012-4398

Malware in sbrugna...

2.6 CVSS · 6.4 AI score · 0.00359 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-21265

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.0112 EPSS
Exploits 2 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-0110

Malware in sbrugna...

6.8 CVSS · 6.2 AI score · 0.02143 EPSS
Exploits 0 · References 9

RedhatCVE
added 2025/02/05 9:2 p.m. · 7 views

CVE-2022-46829

In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented...

8.8 CVSS · 6.8 AI score · 0.00003 EPSS
Exploits 0

Citrix
added 2024/07/13 12:0 a.m. · 4 views

Error: "SR BACKEND FAILURE 181" in XenServer

After installation or upgrade to XenServer 6.0, user experiences issues with any storage related operations. The following error message appears: “SRBACKENDFAILURE181 Error In metadata Volume Operation For SR.” The following entries appears in the log /var/log/SMlog file: Error code:...

7.1 AI score
Exploits 0

CNNVD
added 2024/03/06 12:0 a.m. · 1 view

Mio Security Breach

Mio is the Metal I/O library for Rust. A security vulnerability exists in Mio versions v0.7.2 through prior to v0.8.11, which stems from the return of invalid tokens under certain circumstances, potentially leading to reuse after release...

9.1 CVSS · 6.8 AI score · 0.00963 EPSS
Exploits 0 · References 5

OSV
added 2024/02/29 2:15 a.m. · 1 view

CVE-2023-38367

IBM Cloud Pak Foundational Services Identity Provider idP API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 2

Vulnrichment
added 2024/02/29 2:13 a.m. · 18 views

CVE-2023-38367 IBM Cloud Pak for Automation authentication bypass

IBM Cloud Pak Foundational Services Identity Provider idP API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...

6.5 CVSS · 6.6 AI score · 0.00079 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/02/29 12:0 a.m. · 2 views

PT-2024-12715 · Ibm · Ibm Cloud Pak Foundational Services Identity Provider

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak Foundational Services Identity Provider idP API versions 18.0.0 through 22.0.2 Description: The issue allows an unauthenticated attacker to perform CRUD operations using an invalid token, potentially enabling them to view, updat...

6.5 CVSS · 6.5 AI score · 0.00079 EPSS
Exploits 0 · References 4

SUSE CVE
added 2024/02/27 3:54 a.m. · 1 view

SUSE CVE-2024-26594

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...

7.1 CVSS · 6.8 AI score · 0.00832 EPSS
Exploits 0 · References 3

OSV
added 2024/02/23 2:15 p.m. · 0 views

UBUNTU-CVE-2024-26594

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...

7.1 CVSS · 6.2 AI score · 0.00832 EPSS
Exploits 0 · References 21

CNNVD
added 2024/02/23 12:0 a.m. · 2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that stems from the fact that if a client sends an invalid mechanical token in a session setup request, ksmbd validates it a...

7.1 CVSS · 7.8 AI score · 0.00832 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/01/14 12:0 a.m. · 5 views

PT-2024-2003 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel ksmbd affected versions not specified Description: The issue is related to the incorrect handling of authentication tokens in the smb2 sess setup function within the Linux kernel's ksmbd server. This can potentially allow an...

9.1 CVSS · 6.7 AI score · 0.85264 EPSS
Exploits 19 · References 982