CVE-2021-22525

This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1...

CVE-2021-22531

A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0...

CVE-2022-26329

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...

CVE-2019-11650

A potential Man in the Middle attack MITM was found in NetIQ Advanced Authentication Framework versions prior to 6.0...

CVE-2021-22529

A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

CVE-2022-26326

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2...

CVE-2021-22530

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authenticati...

CVE-2022-38758

Cross-site Scripting XSS vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL...

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

GHSA-8M3C-C723-H4P4 django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

Improper Certificate Validation

Overview django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party social account authentication. Affected versions of this package are vulnerable to Improper Certificate Validation via the preferredusername field...

PYSEC-2025-111

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

PYSEC-2025-111

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

CVE-2025-65431

CVE-2025-65431 affects allauth-django prior to 65.13.0. Okta and NetIQ implementations used the mutable identifier preferred_username for third‑party provider accounts; this value should not drive authorization decisions. The vulnerability arises because the identifier used for linking/authorizat...

allauth-django 安全漏洞

allauth-django is an authentication application from allauth open source. A security vulnerability exists in allauth-django versions prior to 65.13.0 that stems from Okta and NetIQ's use of preferredusername as an identifier for third-party provider accounts, which could lead to improper...

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

EUVD-2012-5804

Malware in sbrugna...