197 matches found
EUVD-2025-210030
Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...
CVE-2025-53302 WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...
PT-2026-45719
Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...
CVE-2026-5957 EmailKit <= 1.6.5 - Authenticated (Author+) Arbitrary File Read via 'emailkit-editor-template' REST Parameter
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the createtemplate method of the CheckForm class, where realpath is called on the allowed base directory...
PT-2026-36969
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create template method of the CheckForm class, where realpath is called on the allowed base directory...
WordPress EmailKit – Email Customizer for WooCommerce & WP plugin <= 1.6.5 - Authenticated (Author+) Arbitrary File Read vulnerability
Authenticated Author+ Arbitrary File Read vulnerability discovered by Nguyen Cong Quang in WordPress Plugin EmailKit versions <= 1.6.5...
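The EmailKit entries above describe a traversal check that canonicalises the allowed base directory with realpath but not the user-supplied path. The following is an added Python illustration of that class of flaw next to a corrected check; it is not the plugin's code (the plugin is PHP), and the temporary template directory, file names, symlink target and the three inputs are constructed for the demo.

```python
import os
import tempfile


def inside_base_flawed(base_dir: str, user_path: str) -> bool:
    """Flawed check: realpath canonicalises the base only. The joined
    candidate keeps its '..' components and any symlinks, so a plain
    string-prefix test passes for paths that resolve outside the base."""
    real_base = os.path.realpath(base_dir)
    candidate = os.path.join(real_base, user_path)
    return candidate.startswith(real_base + os.sep)


def inside_base_fixed(base_dir: str, user_path: str) -> bool:
    """Fixed check: canonicalise the candidate as well (collapsing '..' and
    following symlinks), then compare path components with commonpath instead
    of a raw prefix, so '/srv/app-data' does not pass for base '/srv/app'."""
    real_base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(real_base, user_path))
    return os.path.commonpath([real_base, candidate]) == real_base


def demo_results() -> dict:
    """Builds a throwaway template directory (constructed for this demo) with
    one legitimate template and one symlink pointing outside the directory,
    then runs both checks on a legitimate name, a '..' escape and the symlink.
    Returns {input_name: {"flawed": bool, "fixed": bool}}; the symlink entry is
    None if the sandbox does not allow creating symlinks."""
    base = tempfile.mkdtemp(prefix="emailkit-demo-")
    with open(os.path.join(base, "welcome.html"), "w", encoding="utf-8") as fh:
        fh.write("<p>hello</p>")

    inputs = {
        "legit": "welcome.html",
        # Enough '..' to reach the filesystem root whatever the tmp depth is;
        # extra '..' components at the root are absorbed by realpath.
        "dotdot": "/".join([".."] * 16) + "/etc/passwd",
    }
    try:
        # Symlink inside the base that escapes it (hypothetical target /etc).
        os.symlink("/etc", os.path.join(base, "escape"))
        inputs["symlink"] = "escape/passwd"
    except OSError:
        pass

    results = {name: None for name in ("legit", "dotdot", "symlink")}
    for name, user_path in inputs.items():
        results[name] = {
            "flawed": inside_base_flawed(base, user_path),
            "fixed": inside_base_fixed(base, user_path),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo_results().items():
        print(f"{name:8s} flawed={outcome['flawed'] if outcome else 'n/a'} "
              f"fixed={outcome['fixed'] if outcome else 'n/a'}")
```

The flawed check accepts both the `..` escape and the symlinked path because the prefix it compares against is the canonical base while the candidate string was never canonicalised; the fixed check resolves the candidate first, which is also why it must run after the path is fully assembled and immediately before the file is opened.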
Important: Red Hat Security Advisory: Red Hat OpenShift Builds 1.6.5
Red Hat OpenShift Builds 1.6.5 Releases of Red Hat OpenShift Builds 1.6.5...
CVE-2026-41427
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...
CVE-2026-41427 Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...
PT-2026-35070
Name of the Vulnerable Software and Affected Versions: Better Auth versions prior to 1.6.5. Description: The OAuth client creation endpoints failed to invoke the hook associated with the clientPrivileges option before persisting new clients. Consequently, deployments intended to restrict client...
CVE-2026-28802 Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature were passing the signature verification step without any changes to the application co...
agentstack-cli (>=0.5.0 <=0.6.2rc6), aieng-platform-onboard (>=0.5.0 <=0.6.1) +35 more potentially affected by CVE-2026-28802 via authlib (>=1.6.5 <=1.6.6)
authlib PyPI version >=1.6.5, >=0.5.0, >=0.5.0, >=0.21.0, >=0.44.0, >=1.7.0, >=0.8.0, >=1.0.20, >=0.12.0, >=1.0.3, >=0.2.0, >=0.1.3, >=1.0.0, >=1.115.2, >=0.2.20, >=1.0.0, >=1.1.2 and more. Source cves: CVE-2026-28802. Source advisory: OSV:GHSA-7WC2-QXGW-G8GG...
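The CVE-2026-28802 entries above say only that a token with `alg: none` and an empty signature passed signature verification. The block below is an added, self-contained Python illustration of the underlying pattern, not Authlib's implementation: a verifier that lets the token's own header choose the algorithm, beside one that fixes the permitted algorithm set on the verifier side. Only HS256 is implemented, and the key and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a legitimate HS256 token (demo issuer)."""
    header = _b64url(_json({"alg": "HS256", "typ": "JWT"}))
    payload = _b64url(_json(claims))
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def forge_alg_none(claims: dict) -> str:
    """What an attacker sends: arbitrary claims, header alg 'none', empty signature."""
    header = _b64url(_json({"alg": "none", "typ": "JWT"}))
    payload = _b64url(_json(claims))
    return f"{header}.{payload}."


def verify_trusting_header(token: str, key: bytes) -> dict:
    """Vulnerable pattern: the token's own header decides how it is verified,
    so 'none' with an empty signature is treated as a successfully verified token."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    alg = json.loads(_unb64url(header_b64)).get("alg")
    if alg == "none":
        return json.loads(_unb64url(payload_b64))  # no MAC check at all
    if alg == "HS256":
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, _unb64url(sig_b64)):
            return json.loads(_unb64url(payload_b64))
    raise ValueError("signature verification failed")


def verify_allowlisted(token: str, key: bytes, allowed=("HS256",)) -> dict:
    """Fixed pattern: the verifier, not the token, fixes the algorithm set;
    'none' is never accepted and an empty signature is rejected before any MAC math."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    alg = json.loads(_unb64url(header_b64)).get("alg")
    if alg == "none" or alg not in allowed:
        raise ValueError(f"algorithm {alg!r} not permitted")
    if alg != "HS256":
        raise ValueError("only HS256 is implemented in this demo")
    if not sig_b64:
        raise ValueError("empty signature")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("signature verification failed")
    return json.loads(_unb64url(payload_b64))


def accepted(verifier, token: str, key: bytes) -> bool:
    """True if the verifier returns claims, False if it rejects the token."""
    try:
        verifier(token, key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # hypothetical server secret
    forged = forge_alg_none({"sub": "admin"})
    print("header-trusting verifier accepts forged token:", accepted(verify_trusting_header, forged, KEY))
    print("allowlisting verifier accepts forged token:   ", accepted(verify_allowlisted, forged, KEY))
```

The practical check for a deployment is the second verifier's shape: the algorithm list is a verifier parameter that never contains `none`, and the empty-signature case is rejected explicitly rather than being left for the MAC comparison to catch.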
CVE-2023-29426
Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz sprd.Net AG Spreadshop plugin <= 1.6.5 versions...
CVE-2025-68158 Authlib: 1-click Account Takeover
Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...
Authlib security vulnerability
Authlib is a Python library for building OAuth and OpenID Connect servers, open-sourced by the Authlib project. Authlib 1.6.5 and earlier versions have a security vulnerability that stems from a cache-backed state store that is not bound to the originating user session, which could lead to a CSR...
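The CVE-2025-68158 entries above describe cache-backed state storage that is not tied to the session that started the authorization request. The block below is an added Python model of why that enables a login CSRF, written for this page and not taken from Authlib: an unbound store keyed by the state value alone, a store keyed by (session, state), and a relying-party callback that consults either. Session identifiers, redirect URIs and authorization codes are constructed placeholders.

```python
import secrets


class UnboundStateStore:
    """Vulnerable model: the state is cached by its value alone, so any
    browser session can present it on the callback."""

    def __init__(self):
        self._cache = {}

    def create(self, session_id: str, redirect_uri: str) -> str:
        state = secrets.token_urlsafe(16)
        self._cache[state] = {"redirect_uri": redirect_uri}  # session_id ignored
        return state

    def consume(self, session_id: str, state: str):
        return self._cache.pop(state, None)


class SessionBoundStateStore:
    """Fixed model: the cache key includes the initiating session, so a state
    minted in the attacker's session is useless in the victim's session."""

    def __init__(self):
        self._cache = {}

    def create(self, session_id: str, redirect_uri: str) -> str:
        state = secrets.token_urlsafe(16)
        self._cache[(session_id, state)] = {"redirect_uri": redirect_uri}
        return state

    def consume(self, session_id: str, state: str):
        return self._cache.pop((session_id, state), None)


def handle_callback(store, session_id: str, state: str, code: str) -> bool:
    """Relying-party callback: proceed only if the state is found for this
    session. Returns True when the login / account link would go ahead."""
    if store.consume(session_id, state) is None:
        return False
    # A real callback would now exchange `code` for tokens and bind the
    # resulting provider identity to the account behind session_id.
    return True


def simulate_legitimate_login(store_cls) -> bool:
    store = store_cls()
    state = store.create("sess-victim", "https://rp.example/callback")
    return handle_callback(store, "sess-victim", state, "code-from-provider")


def simulate_login_csrf(store_cls) -> bool:
    """Attacker starts their own login to obtain a valid state, then gets the
    victim to open the callback URL carrying that state and the attacker's
    code. If the store ignores the session, the victim's account ends up
    linked to the attacker's identity at the provider (the 1-click takeover)."""
    store = store_cls()
    attacker_state = store.create("sess-attacker", "https://rp.example/callback")
    return handle_callback(store, "sess-victim", attacker_state, "code-of-attacker")


def simulate_replay(store_cls) -> bool:
    """Even a session-bound state must be single-use; consume() pops it."""
    store = store_cls()
    state = store.create("sess-victim", "https://rp.example/callback")
    handle_callback(store, "sess-victim", state, "code-1")
    return handle_callback(store, "sess-victim", state, "code-2")


if __name__ == "__main__":
    for cls in (UnboundStateStore, SessionBoundStateStore):
        print(f"{cls.__name__:22s} legit={simulate_legitimate_login(cls)} "
              f"csrf={simulate_login_csrf(cls)} replay={simulate_replay(cls)}")
```

Binding the state to the session is the check that distinguishes the two stores; a shared cache keyed only by the state value cannot tell the victim's callback from the attacker's. Expiry of cached entries is omitted here but belongs in any production store.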