6476 matches found
CVE-2025-65397
An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...
CVE-2025-14338 Polkit authentication disabled by default in inputplumber
Polkit authentication disabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005...
PT-2026-2920
Name of the Vulnerable Software and Affected Versions: Blurams Flare Camera versions prior to 24.1114.151.929. Description: An insecure authentication mechanism exists in the safe exec.sh startup script. This allows an attacker with physical access to the device to execute arbitrary commands with ro...
CVE-2026-22817 JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...
EUVD-2026-2017
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly defi...
MiracleLinux 9 : php:8.1 (AXSA:2025-9901:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9901:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929); php: Single byte overread with...
MiracleLinux 9 : php:8.2 (AXSA:2025-10480:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10480:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929); php: Single byte overread with...
MiracleLinux 9 : php:8.3 (AXSA:2025-10557:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10557:01 advisory. php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217); php: Stream HTTP wrapper header check might omit basic auth...
GO-2026-4280 Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass in github.com/bishopfox/sliver
Malicious Package
Overview: passport-google-auth-token is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2026-1966
Malicious code in passport-google-auth-token npm...
EUVD-2026-1983
Malicious code in auth-types npm...
MAL-2026-215 Malicious code in auth-types (npm)
Source: amazon-inspector (ec0897a10b33b937c04d8f134ccac05ecdfd6050bbfaffbb07cd3ade9256bd24): The package auth-types was found to contain malicious code. Source: ghsa-malware (1096a2a969c582b5029b85a0c4eb85eec4d53f96c178a1523abe0978392a139d): Any...
Malicious Package
Overview: auth-types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
ROS-20260112-7352
A vulnerability in the core.c, fabrics-cmd-auth.c, fabrics-cmd.c components of the Linux operating system kernel is related to resource leakage. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2023-50481
An issue in blinksocks version 3.3.8 allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...
CVE-2018-1000150
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users...
CVE-2021-28373
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...
CVE-2025-40933
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...