12 matches found
CVE-2026-30863
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration...
CVE-2021-22865
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...
CVE-2023-28342
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API...
CVE-2023-28342
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API...
CVE-2023-28342
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API...
CVE-2023-28342
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API...
CVE-2023-28342
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API...
Input validation
Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during miauth authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 including 12.x are affected. This has been fixed ...
Malicious code in @maui-mf/app-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13b712292b3c9e70cd1b5a4a07c11ab5005e5870ebe6902b300d2dc418516102 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2021-23558 · Sqlite Consortium +2 · Sqlite +2
Name of the Vulnerable Software and Affected Versions: The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite affected versions not specified Description: The issue concerns a remote SQL injection bypass authentication vulnerability for the admin account. The username parameter fr...
About the security content of watchOS 6.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
Google Enables Gmail Two-Factor Security in 150 Countries
Nearly six months after first introducing two-step verification for its Gmail service, Google has expanded the security feature to users outside the English-speaking world, opening it up to people in more than 150 countries. The company said on Thursday that it has enabled the two-step verificati...