Malicious Package

Overview internal-auth-provider is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVE-2026-33042

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49, a user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creati...

CVE-2026-33409 Parse Server: Auth provider validation bypass on login via partial authData

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowin...

CVE-2026-33409 Parse Server: Auth provider validation bypass on login via partial authData

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowin...

PT-2026-25757

Mattermost fails to validate user's authentication method when processing account auth type switch in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

PT-2025-47813

Name of the Vulnerable Software and Affected Versions Langfuse versions 2.95.0 through 2.95.11 Langfuse versions 3.17.0 through 3.130.0 Description Langfuse is a large language model engineering platform. In Single Sign-On SSO provider configurations lacking an explicit AUTH CHECK setting, a...

Malicious code in @nationalgeographicsociety/ngsui-header-auth-provider-next (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d38527cfd7590fab454ac20f3be069dae42b211700523eb5a58dfd421014d9be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Cross-site Scripting (XSS)

github.com/rancher/rancher is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the Projects/Namespaces and Auth Provider sections, which allows an attacker with write access to inject and execute malicious code and steal sensitive information, manipulate web content, or perform...

CVE-2018-13257

The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service CAS service ticket validation, enabling a phishing attack from the CAS server login page...

Design/Logic Flaw

The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service CAS service ticket validation, enabling a phishing attack from the CAS server login page...

[SECURITY] Fedora 10 Update: python-fedora-0.3.9-1.fc10

Python modules that help with building Fedora Services. This includes a JS ON based auth provider for authenticating against FAS2 over the network and a client that handles communication with the servers. The client module can be used to build programs that communicate with Fedora Infrastructure'...

[SECURITY] Fedora 9 Update: python-fedora-0.3.9-1.fc9

Python modules that help with building Fedora Services. This includes a JS ON based auth provider for authenticating against FAS2 over the network and a client that handles communication with the servers. The client module can be used to build programs that communicate with Fedora Infrastructure'...