Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access OIDC Provider

Summary Security vulnerabilities have been addresed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2026-39883 DESCRIPTION: OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to...

PT-2026-36107

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description The SAML IdP implementation in the SSO module uses the AssertionConsumerServiceURL value from incoming SAML AuthnRequest messages as the destination for the SAML response without validating it agains...

CVE-2025-58190 affecting package kube-vip-cloud-provider for versions less than 0.0.10-5

CVE-2025-58190 affecting package kube-vip-cloud-provider for versions less than 0.0.10-5. A patched version of the package is available...

Microchip Time Provider 4100 安全漏洞

Microchip Time Provider 4100 is a precision time gateway developed by the American company Microchip. Versions prior to 2.5 of Microchip Time Provider 4100 contained security vulnerabilities. These vulnerabilities stemmed from the lack of integrity checks during code downloads, which could lead t...

CVE-2025-55325 Windows Storage Management Provider Information Disclosure Vulnerability

...

EUVD-2020-18822

Malware in sbrugna...

EUVD-2015-5214

Malware in sbrugna...

EUVD-2015-0037

Malware in sbrugna...

EUVD-2022-39536

Malicious code in bioql PyPI...

EUVD-2022-49128

Malicious code in bioql PyPI...

EUVD-2024-2072

Malicious code in bioql PyPI...

EUVD-2023-24178

Malicious code in bioql PyPI...

Security Bulletin: A security vulnerability has been discovered in IBM Verify Identity Access OIDC Provider (CVE-2024-56171)

Summary A security vulnerability has been addressed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2024-56171 DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in...

airflow-oracle-snowflake-plugin (>=0.1.0 <=0.1.2), airflow-provider-cloe (>=20221202.9.0 <=20221202.13.0) +2 more potentially affected by CVE-2025-50213 via apache-airflow-providers-snowflake (>=1.1.0 <=6.12.2)

apache-airflow-providers-snowflake PYPI version =1.1.0, =0.1.0, =20221202.9.0, =0.0.4, =0.1.0, =0.1.1 Source cves: CVE-2025-50213 Source advisory: OSV:GHSA-9R64-3WMC-X8M8...

CVE-2025-33061 Windows Storage Management Provider Information Disclosure Vulnerability

...

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

CVE-2022-46311

The contacts component has a free undefined provider vulnerability. Successful exploitation of this vulnerability may affect data integrity...

GO-2025-3670 Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` in github.com/nrkno/terraform-provider-windns

Terraform WinDNS Provider improperly sanitizes input variables in windnsrecord in github.com/nrkno/terraform-provider-windns...

workers-oauth-provider 安全漏洞

workers-oauth-provider is a Cloudflare open source OAuth provider library for Cloudflare Workers. A security vulnerability exists in workers-oauth-provider that stems from not properly verifying that the redirecturi is in the allowed list, which could lead to credential theft...

PT-2025-18345 · Unknown · Workers-Oauth-Provider

Name of the Vulnerable Software and Affected Versions: workers-oauth-provider affected versions not specified Description: The issue is related to the OAuth implementation in workers-oauth-provider, part of the MCP framework. An attacker could cause the PKCE check to be skipped, completely...