ALPINE-CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
CVE-2025-59028
CVE-2025-59028 affects Dovecot’s authentication path where invalid base64 SASL data can disconnect from the auth server, causing DoS of concurrent logins. Public advisories (openSUSE/SUSE openSUSE:20554-1, SLES16 SUSE-SU-2026:21208-1, Ubuntu USN-8136-1) indicate the issue in the dovecot24 package...
CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
GO-2026-4593 Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik
Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik...
CVE-2026-26998 Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service (DoS)
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is...
Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS
Impact There is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read entirely into memory without any size limit. There is no maxResponseBodySize...
CVE-2023-49801
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the getpfp and getbanner routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is...
EUVD-2024-32495
Malicious code in bioql PyPI...
EUVD-2024-49550
Malicious code in bioql PyPI...
EUVD-2022-7035
Malicious code in bioql PyPI...
EUVD-2023-53713
Malicious code in bioql PyPI...
Malicious code in nqm-auth-server (npm)
The package nqm-auth-server was found to contain malicious code...
MAL-2025-27856 Malicious code in nqm-auth-server (npm)
The package nqm-auth-server was found to contain malicious code...
MAL-2025-6089 Malicious code in fxa-auth-server (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 001dcafa5fa85d6d5358a1a79909f92615e17cae27329f2b1fea9c1cc51d41ca Any computer that has this package installed or running should be considered...
CVE-2022-39273
FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...
CVE-2022-39268
Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...
CVE-2024-8535
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as...
CVE-2024-8535
Affected products: Citrix NetScaler ADC and NetScaler Gateway. Vulnerability: Authenticated users can access unintended user capabilities when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with Kerberos SSO using a KCDAccount, or as an Auth Server (AAA Vserver) wi...
CVE-2024-8534 Memory safety vulnerability leading to memory corruption and Denial of Service
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway VPN Vserver with RDP Feature enabled OR the appliance must be configured as a Gateway VPN Vserver and RDP Proxy Server Profile is created an...