python311-social-auth-core-4.8.7-1.1 on GA media (moderate)

python311-social-auth-core-4.8.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:10681-1 Rating: moderate Cross-References: CVE-2026-32597 CVSS scores: CVE-2026-32597 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2026-32597 SUSE : 8.7...

Malicious code in @telekom-wfa/auth-core (npm)

Package is malware. Hardcoded Telegram credentials, data exfiltration, and preinstall script execution indicate malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a2fe12e5542ae8cf1cf339c13c3480629ccfd6e2fb391427c4f1b17bbdc9f85 The package...

MAL-2026-2523 Malicious code in @telekom-wfa/auth-core (npm)

Package is malware. Hardcoded Telegram credentials, data exfiltration, and preinstall script execution indicate malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a2fe12e5542ae8cf1cf339c13c3480629ccfd6e2fb391427c4f1b17bbdc9f85 The package...

@aangeles/jefeui (>=1.10.0 <=1.11.6), @adamjoelfraser/auth-drizzle (>=1.0.0 <=1.0.2) +251 more potentially affected by unknown CVE via @auth/core (>=0.0.0-manual.fdbc96ab <=0.41.0)

@auth/core NPM version =0.0.0-manual.fdbc96ab, =1.10.0, =1.0.0, =0.1.0, =0.0.1, =1.0.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =1.11.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-AUTHCORE-13744119...

EUVD-2022-4301

Malicious code in bioql PyPI...

MAL-2025-3794 Malicious code in next-auth-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0038c51339b63eb3fe77a5d623ae004832f05cc831ff582362d202f30a49072 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in next-auth-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0038c51339b63eb3fe77a5d623ae004832f05cc831ff582362d202f30a49072 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-7188 Malicious code in wm-accounts-auth-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cdd1cfc8b0646198270138deb5824d92d72858377c39f84124570e1273629a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview wm-accounts-auth-core is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

GHSA-J7F2-CQVQ-5JCF Apache Sling Auth Core bundle vulnerable to Open Redirection

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core org.apache.sling.auth.core bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a...

Apache Sling Auth Core bundle vulnerable to Open Redirection

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core org.apache.sling.auth.core bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a...

CVE-2013-4390

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core org.apache.sling.auth.core bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a...

Open redirect

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core org.apache.sling.auth.core bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a...

CVE-2013-4390

The CVE-2013-4390 vulnerability affects the Apache Sling Auth Core bundle (org.apache.sling.auth.core) in the AbstractAuthenticationFormServlet, with versions prior to 1.1.4. An open redirect exists that lets remote attackers redirect users to arbitrary sites via a resource parameter, enabling ph...