3 matches found
CVE-2026-42560 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +191 more potentially affected by CVE-2023-22946 via pyspark (>=2.1.2 <=3.3.1)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more Source cves: CVE-2023-22946 Source advisory: OSV:GHSA-329J-JFVR-RHR6...
Zoom Media Gallery 2.1.2 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/13094/info zOOm Media Gallery is reportedly affected by a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result ...