10 matches found
CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens
Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...
PT-2026-24743
Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...
CGM CLININET Trust Management Issue Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a trust management issue vulnerability that stems from the decodeParam function not verifying the signature algorithm, which can be exploited by an attacker to generate arbitrary user sessions...
CVE-2025-30064
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...
CVE-2025-30064
Technical details about CVE-2025-30064 are not publicly provided in the supplied connected documents. Monitor for updates from official advisories; current sources do not reveal affected products, versions, or remediation steps.
CVE-2021-29368
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions...
Session fixation
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions...
CVE-2021-29368
CVE-2021-29368 affects CuppaCMS with a session fixation flaw that allows an attacker to access arbitrary user sessions. Affected are versions prior to the commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 (Nov 12, 2019). Root cause is session handling that permits fixation, enabling unauthorized se...
CVE-2021-29368
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions...
CuppaCMS Authorization Issue Vulnerability
CuppaCMS is a content management system (CMS). A security vulnerability exists in CuppaCMS that stems from the presence of a session fixation vulnerability, which can be exploited by an attacker to access arbitrary user sessions...