
42 matches found

OSV · added 2 days ago

GHSA-CQ3F-VC6P-68FH Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending

Am I affected? You are affected if all of the following are true: - You use better-auth at a version >= 1.6.0 and < 1.6.11. - The deviceAuthorization plugin is enabled in your auth config (deviceAuthorization in your plugins array). - A third party can observe a pending user code before the legitimate us...

CVSS 7.6 · AI score 6
Exploits 0 · References 4

OSV · added 2026/04/24 8:16 p.m.

PYSEC-2026-25

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11...

CVSS 5.4 · AI score 5.8 · EPSS 0.00023
Exploits 1 · References 1

NVD · added 2026/04/24 8:16 p.m.

CVE-2026-41425

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11...

CVSS 5.4 · EPSS 0.00023
Exploits 1 · References 1

PyPA · added 2026/04/24 8:16 p.m.

PYSEC-2026-25

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11...

CVSS 5.4 · AI score 5.8 · EPSS 0.00023
Exploits 1 · References 1 · Affected Software 1

OSV · added 2026/04/24 8:16 p.m.

DEBIAN-CVE-2026-41425

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11...

CVSS 5.4 · AI score 5.3 · EPSS 0.00023
Exploits 1 · References 1

EUVD · added 2026/04/24 7:14 p.m.

EUVD-2026-25615

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11...

CVSS 5.4 · AI score 5.3 · EPSS 0.00023
Exploits 1 · References 1

CVE · added 2026/04/24 7:14 p.m.

CVE-2026-41425

Authlib (Python): the authlib.integrations.starlette_client.OAuth cache feature is vulnerable prior to version 1.6.11 due to missing CSRF protection. The vulnerability affects the cache path of the OAuth implementation, enabling cross-site request forgery under the described conditions. The issue is f...

CVSS 5.4 · AI score 5.3 · EPSS 0.00023
Exploits 1 · References 1 · Affected Software 1

ATTACKERKB · added 2026/04/24 7:14 p.m.

CVE-2026-41425

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11...

CVSS 5.4 · AI score 5.3 · EPSS 0.00023
Exploits 1 · References 2 · Affected Software 1

Debian CVE · added 2026/04/24 7:14 p.m.

CVE-2026-41425

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11...

CVSS 5.4 · AI score 5.3 · EPSS 0.00023
Exploits 1

Positive Technologies · added 2026/04/24 12:0 a.m.

PT-2026-35068

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11...

CVSS 5.4 · AI score 5.3 · EPSS 0.00023
Exploits 1 · References 2

CNNVD · added 2026/04/24 12:0 a.m.

Authlib cross-site request forgery vulnerability

Authlib is an open-source library developed by Authlib, described as the ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.11 contain a cross-site request forgery vulnerability, which stems from the lack of CSRF protection in the caching...

CVSS 5.4 · AI score 5.7 · EPSS 0.00023
Exploits 1 · References 1

Snyk · added 2026/04/16 10:38 p.m.

Cross-site Request Forgery (CSRF)

Overview: authlib is a library for building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the client integrations due to the lack of CSRF protection for cache parameters. An attacker can perform unauthorized actions on behalf...

CVSS 5.9 · AI score 5.5 · EPSS 0.00023
Exploits 1 · References 2

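The Authlib entries above all describe the same defect: an OAuth client integration that does not apply CSRF protection on one code path. The class of bug is best seen in a minimal authorization-code client, so the following is an added illustration (not Authlib's own code and not its fix). It binds the OAuth `state` value to the browser session when the login starts and verifies it on the callback, and it models the unprotected behaviour with `verify_state=False` so both outcomes can be compared. The class and function names, URLs, session dict and authorization codes are constructed assumptions.

```python
"""
Added example, not Authlib's code: why an OAuth 2.0 authorization-code client
must bind `state` to the browser session and verify it on the callback.
Without that check an attacker-crafted callback (login CSRF) is accepted.
All names, URLs and codes below are illustrative assumptions.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class OAuthClient:
    """Minimal authorization-code client; `session` is a per-browser dict."""

    def __init__(self, client_id: str, authorize_url: str, redirect_uri: str,
                 verify_state: bool = True):
        self.client_id = client_id
        self.authorize_url = authorize_url
        self.redirect_uri = redirect_uri
        self.verify_state = verify_state  # False models the unprotected path

    def authorize_redirect(self, session: dict) -> str:
        """Step 1: mint an unguessable state, cache it in the session, redirect."""
        state = secrets.token_urlsafe(32)
        session["oauth_state"] = state  # bound to this browser only
        params = {
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "state": state,
        }
        return f"{self.authorize_url}?{urlencode(params)}"

    def authorize_access_token(self, session: dict, callback_url: str) -> str:
        """Step 2: on the callback, check state before touching the code."""
        query = parse_qs(urlparse(callback_url).query)
        returned_state = query.get("state", [""])[0]
        expected = session.pop("oauth_state", None)  # single use
        if self.verify_state:
            if not expected or not hmac.compare_digest(
                    expected.encode(), returned_state.encode()):
                raise PermissionError("state mismatch: rejecting forged callback")
        code = query.get("code", [""])[0]
        if not code:
            raise ValueError("missing authorization code")
        # A real client would now POST `code` to the token endpoint; returning
        # it keeps the outcome observable without a network round trip.
        return code


def forged_callback_accepted(verify_state: bool) -> bool:
    """Simulate a victim browser receiving an attacker-crafted callback URL.

    The attacker finished their own authorization and holds a code bound to
    the attacker's account; they lure the victim to the callback URL so the
    victim's session is logged in as the attacker. True means the attack worked.
    """
    client = OAuthClient("demo-client", "https://idp.example/authorize",
                         "https://app.example/callback", verify_state=verify_state)
    victim_session: dict = {}
    client.authorize_redirect(victim_session)  # victim had started a login
    forged = "https://app.example/callback?" + urlencode(
        {"code": "ATTACKER-CODE", "state": "not-the-victims-state"})  # constructed
    try:
        client.authorize_access_token(victim_session, forged)
        return True
    except PermissionError:
        return False


def legitimate_flow_succeeds() -> bool:
    """The honest round trip: the IdP echoes the same state back with a code."""
    client = OAuthClient("demo-client", "https://idp.example/authorize",
                         "https://app.example/callback")
    session: dict = {}
    redirect = client.authorize_redirect(session)
    state = parse_qs(urlparse(redirect).query)["state"][0]
    callback = "https://app.example/callback?" + urlencode(
        {"code": "GOOD-CODE", "state": state})  # constructed IdP response
    return client.authorize_access_token(session, callback) == "GOOD-CODE"


if __name__ == "__main__":
    print("legitimate flow ok:", legitimate_flow_succeeds())
    print("forged callback accepted without state check:", forged_callback_accepted(False))
    print("forged callback accepted with state check:", forged_callback_accepted(True))
```

The state value is popped from the session before comparison so it is single-use, and the comparison is constant-time; both details matter whenever the stored value lives in a shared cache rather than a per-browser session, which is exactly the kind of alternate storage path where a check is easy to omit.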
EUVD · added 2026/03/05 6:30 a.m.

EUVD-2026-9597

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue (theissue) allows PHP Local File Inclusion. This issue affects The Issue: from n/a through <= 1.6.11...

AI score 5.9 · EPSS 0.00172
Exploits 0 · References 2

ATTACKERKB · added 2026/03/05 5:53 a.m.

CVE-2026-23801

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue (theissue) allows PHP Local File Inclusion. This issue affects The Issue: from n/a through <= 1.6.11...

AI score 5.9 · EPSS 0.00172
Exploits 0 · References 2

CNNVD · added 2026/03/05 12:0 a.m.

WordPress plugin The Issue security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed in the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 8.1 · AI score 5.8 · EPSS 0.00172
Exploits 0 · References 1

SUSE CVE · added 2026/03/04 12:27 a.m.

SUSE CVE-2026-25760

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

CVSS 6.5 · AI score 5.9 · EPSS 0.00021
Exploits 1 · References 3

Patchstack · added 2026/02/25 8:15 a.m.

WordPress The Issue theme <= 1.6.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme The Issue versions <= 1.6.11...

CVSS 8.1 · AI score 5.9 · EPSS 0.00172
Exploits 0 · Affected Software 1

RedhatCVE · added 2026/02/08 1:21 a.m.

CVE-2026-25760

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

CVSS 6.5 · AI score 5.5 · EPSS 0.00021
Exploits 1 · References 1

Vulnrichment · added 2026/02/06 9:32 p.m.

CVE-2026-25760 Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

CVSS 6.5 · AI score 5.8 · EPSS 0.00021
Exploits 1 · References 2

CVE · added 2026/02/06 9:32 p.m.

CVE-2026-25760

CVE-2026-25760 (Sliver): A path traversal in Sliver's website content subsystem allows an authenticated operator to read arbitrary files on the Sliver server host (credentials, configs, keys). Prior to 1.6.11, this is exploitable via manipulated content paths; fixed in 1.6.11. Affected components...

CVSS 6.5 · AI score 5.6 · EPSS 0.00021
Exploits 1 · References 2 · Affected Software 1

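The Sliver entries above describe an authenticated path traversal in a subsystem that serves operator-supplied content paths. The following is an added example that is not Sliver's code and does not reproduce its exploit (Sliver is written in Go; Python is used here to match the other example on this page). It shows the unchecked path join that produces this class of bug beside a resolver that rejects absolute paths, canonicalises the request and enforces containment under the content root, and exercises both against a constructed directory layout with a file outside the root that must never be readable. The function names, layout and request strings are assumptions.

```python
"""
Added example, not Sliver's own code: the unchecked path join behind an
authenticated arbitrary-file-read, beside a hardened resolver. The directory
layout and request strings are constructed for the demo.
"""
import os
import tempfile
from pathlib import Path


def unsafe_resolve(content_root: str, requested: str) -> str:
    """Vulnerable pattern: trust the caller-supplied path and join it.

    os.path.join has two failure modes here: '..' components walk out of the
    root, and an absolute `requested` discards `content_root` entirely.
    """
    return os.path.join(content_root, requested)


def safe_resolve(content_root: str, requested: str) -> str:
    """Hardened: reject absolute paths, canonicalise, and enforce containment."""
    if os.path.isabs(requested):
        raise PermissionError(f"absolute path not allowed: {requested!r}")
    root = Path(content_root).resolve()
    candidate = (root / requested).resolve()  # collapses '..' and symlinks
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes content root: {requested!r}")
    return str(candidate)


def run_demo() -> dict:
    """Try three requests against both resolvers in a throwaway layout.

    Constructed layout:  <tmp>/www/index.html   (served content)
                         <tmp>/secret.txt       (must never be readable)
    Returns, per request, whether the unsafe join escaped the root, what it
    read, and whether the hardened resolver accepted the request.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)  # temp dirs may sit behind a symlink
        root = os.path.join(tmp, "www")
        os.mkdir(root)
        Path(root, "index.html").write_text("<h1>hello</h1>")
        secret = Path(tmp, "secret.txt")
        secret.write_text("operator-config-material")

        requests = {
            "normal": "index.html",
            "dotdot": "../secret.txt",
            "absolute": str(secret),
        }
        for name, req in requests.items():
            unsafe = unsafe_resolve(root, req)
            escaped = not os.path.realpath(unsafe).startswith(root + os.sep)
            try:
                safe_resolve(root, req)
                accepted = True
            except PermissionError:
                accepted = False
            results[name] = {
                "unsafe_escapes": escaped,
                "unsafe_read": Path(unsafe).read_text() if os.path.isfile(unsafe) else None,
                "safe_accepted": accepted,
            }
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The containment test compares canonical paths rather than string prefixes, which is what makes it hold up against `..`, repeated separators and symlinks; a prefix check on the raw string would accept `/srv/www-private` as being under `/srv/www`.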