
6483 matches found

Vulnrichment
added 2025/12/03 9:55 a.m., 1 view

CVE-2025-39665 Livestatus Injection in dynmaps

User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames...

CVSS 6.9, AI score 6.6, EPSS 0.00065
Exploits: 0, References: 2
Zero Day Initiative
added 2025/12/03 12:00 a.m., 3 views

(Pwn2Own) Synology BeeStation Plus auth_info Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Synology BeeStation Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the auth_info parameter. The issue results from the lack of prope...

CVSS 9.8, AI score 7.6, EPSS 0.00269
Exploits: 0, References: 1
vulnersOsv
added 2025/12/02 4:15 p.m., 4 views

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-13372 via django (>=4.2.0 <=4.2.26)

django PyPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more. Source CVEs: CVE-2025-13372. Source advisory: OSV:PYSEC-2025-104...

CVSS 4.3, AI score 7.3, EPSS 0.00006
Exploits: 0
Tenable Nessus
added 2025/12/02 12:00 a.m., 4 views

openSUSE 16 Security Update : dovecot24 (openSUSE-SU-2025-20113-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025-20113-1 advisory. - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with the same cache key when the auth cache was enabled (bsc#1252839) - Changes - auth: Remove...

CVSS 7.4, AI score 5.6, EPSS 0.00011
Exploits: 0, References: 3
vulnersOsv
added 2025/12/01 9:29 p.m., 4 views

@agentcorporation/server (>=0.3.3 <=0.3.13), @airisos/server (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +142 more potentially affected by unknown CVE via better-auth (>=1.0.0-canary.10 <=1.4.22)

better-auth npm version =1.0.0-canary.10, =0.3.3, =2026.324.0-canary.0, =2026.501.0, =2026.501.0, =0.0.7, =1.0.0, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =1.3.37 and more. Source CVEs: unknown CVE. Source advisory: SNYK:JS-BETTERAUTH-14157194...

AI score 5.8
Exploits: 0
Github Security Blog
added 2025/12/01 9:29 p.m., 8 views

Better Auth affected by external request basePath modification DoS

Summary: Affected versions of Better Auth allow an external request to configure baseURL when it isn't defined through any other means. This can be abused to poison the router's base path, causing all routes to return 404 for all users. This issue is only exploitable when baseURL is not explicitly...

AI score 7.2
Exploits: 0, References: 4, Affected Software: 1
Snyk
added 2025/12/01 9:29 p.m., 2 views

External Control of File Name or Path

Overview: better-auth describes itself as the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to External Control of File Name or Path via the getBaseURL function. An attacker can cause all routes to return 404 errors for all users by sending a crafted...

CVSS 6.3, AI score 7.2
Exploits: 0, References: 2
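The two Better Auth entries above (the GitHub advisory and the Snyk record for getBaseURL) describe the same failure class: a process-wide base path that is left unset by the operator and then filled in from something that arrived with a request, so one crafted request breaks routing for everyone. The block below is an added illustration written for this page, not better-auth's code, and the request-supplied "base hint" argument is a hypothetical stand-in for whatever request data such a router reads; it shows the lazily filled router beside a version that takes the base path only from configuration.

```typescript
// Added example (not better-auth's code): a constructed model of an auth
// router whose base path is filled in lazily from the first request when the
// operator did not configure baseURL, beside a router that refuses to do so.

const AUTH_ROUTES = new Set(["/sign-in", "/session", "/sign-out"]);
const DEFAULT_BASE_PATH = "/api/auth";

interface RouterOptions {
  baseURL?: string; // operator configuration, e.g. "https://example.test/api/auth"
}

function matchRoute(pathname: string, basePath: string): number {
  if (!pathname.startsWith(basePath + "/")) return 404;
  return AUTH_ROUTES.has(pathname.slice(basePath.length)) ? 200 : 404;
}

// Weak: with no baseURL configured, the first request that carries a base
// hint (a hypothetical request-derived value, e.g. a header) gets to set it,
// and the value is then cached for every later request from every user.
export class LazyBaseRouter {
  private basePath: string | null;

  constructor(opts: RouterOptions) {
    this.basePath = opts.baseURL ? new URL(opts.baseURL).pathname : null;
  }

  handle(requestUrl: string, baseHintFromRequest?: string): number {
    if (this.basePath === null && baseHintFromRequest) {
      // Poison point: request-controlled data becomes process-wide state.
      this.basePath = new URL(baseHintFromRequest).pathname;
    }
    const base = this.basePath ?? DEFAULT_BASE_PATH;
    return matchRoute(new URL(requestUrl).pathname, base);
  }
}

// Hardened: the base path comes only from operator configuration, with a
// fixed default when none is given; request-supplied hints are ignored.
export class ConfiguredBaseRouter {
  private readonly basePath: string;

  constructor(opts: RouterOptions) {
    this.basePath = opts.baseURL
      ? new URL(opts.baseURL).pathname
      : DEFAULT_BASE_PATH;
  }

  handle(requestUrl: string, _ignoredHint?: string): number {
    return matchRoute(new URL(requestUrl).pathname, this.basePath);
  }
}

// Usage: one poisoned request against the weak router turns every later
// legitimate request into a 404; the configured router is unaffected.
export function demo(): { weakAfterPoison: number; hardenedAfterPoison: number } {
  const weak = new LazyBaseRouter({});
  weak.handle("https://example.test/api/auth/session", "https://attacker.test/poisoned");
  const safe = new ConfiguredBaseRouter({});
  safe.handle("https://example.test/api/auth/session", "https://attacker.test/poisoned");
  return {
    weakAfterPoison: weak.handle("https://example.test/api/auth/session"),
    hardenedAfterPoison: safe.handle("https://example.test/api/auth/session"),
  };
}
```

The practical check this suggests for any auth library: grep for configuration values that are assigned inside a request handler, and make sure each one is either set from operator config at startup or recomputed per request without being cached.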
EUVD
added 2025/12/01 9:29 p.m., 2 views

EUVD-2025-200097

Better Auth affected by external request basePath modification DoS...

AI score 6.4
Exploits: 0, References: 4
vulnersOsv
added 2025/12/01 9:29 p.m., 6 views

@agentcorporation/server (>=0.3.3 <=0.3.13), @airisos/server (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +130 more potentially affected by unknown CVE via better-auth (>=0.4.10-beta.10 <=1.4.2-beta.5)

better-auth npm version =0.4.10-beta.10, =0.3.3, =2026.324.0-canary.0, =2026.501.0, =2026.501.0, =0.0.1, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =0.18.0, =1.9.7 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-569Q-MPPH-WGWW...

AI score 5.8
Exploits: 0
OSSF Malicious Packages
added 2025/12/01 1:03 p.m., 3 views

Malicious code in auth-1s7epg (npm)

--- -= Per source details. Do not edit below this line. =- Source: amazon-inspector f86979a79a49db20dee0fecc4bf5e9a531adf3c2134b68b0828ed143f12514b2. The package auth-1s7epg was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/12/01 1:03 p.m., 1 view

MAL-2025-191565 Malicious code in auth-1s7epg (npm)

--- -= Per source details. Do not edit below this line. =- Source: amazon-inspector f86979a79a49db20dee0fecc4bf5e9a531adf3c2134b68b0828ed143f12514b2. The package auth-1s7epg was found to contain malicious code...

AI score 6.8
Exploits: 0
Veracode
added 2025/12/01 12:14 p.m., 4 views

Improper Authentication

python-social-auth is vulnerable to Improper Authentication. The vulnerability is due to automatic user association by email even when the associate_by_email pipeline step is not enabled, where unvalidated or non-unique emails provided by third-party authentication services can be linked to existing...

CVSS 6.3, AI score 6.9, EPSS 0.00081
Exploits: 0, References: 8, Affected Software: 1
Positive Technologies
added 2025/12/01 12:00 a.m., 1 view

PT-2025-48413

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5, AI score 6.3, EPSS 0.00034
Exploits: 1, References: 6
Snyk
added 2025/11/30 1:14 p.m., 1 view

Malicious Package

Overview: auth-handler is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Onc...

CVSS 9.8, AI score 7.2
Exploits: 0, References: 3
OSV
added 2025/11/27 8:19 p.m., 0 views

SUSE-SU-2025:21159-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with the same cache key when the auth cache was enabled (bsc#1252839) - Changes - auth: Remove proxy_always field. - config: Change settings history parsing to use python3. - doveadm: Print...

CVSS 7.4, AI score 5.8, EPSS 0.00011
Exploits: 0, References: 3
EUVD
added 2025/11/27 2:45 a.m., 7 views

EUVD-2025-199783

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces, including the dashboard and Jobs API, is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with...

CVSS 9.3, AI score 7.6, EPSS 0.00474
Exploits: 5, References: 4
Positive Technologies
added 2025/11/27 12:00 a.m., 1 view

PT-2025-51688

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw within the libceph component, specifically in the handle_auth_session_key() function. This issue could lead to potential out-of-bounds writes due to...

CVSS 6, AI score 5.4, EPSS 0.00076
Exploits: 0
Positive Technologies
added 2025/11/27 12:00 a.m., 3 views

PT-2025-48291

Name of the Vulnerable Software and Affected Versions: Astro versions 5.15.7 and below. Description: Astro, a web framework, is affected by a double URL encoding bypass. This allows unauthenticated attackers to bypass path-based authentication checks in Astro middleware, potentially granting...

CVSS 6.5, AI score 6.8, EPSS 0.00299
Exploits: 0, References: 10
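The Astro entry above names the bug class but not the mechanism, so here is an added illustration of how a double-encoding bypass of a path-prefix guard works and what the fix looks like. This is example code written for this page, not Astro's middleware or router: the two decoding stages (a server front-end that decodes once, a router that decodes once more before matching) are a constructed model, and the route table and `/admin` prefix are made up for the demonstration.

```typescript
// Added example (not Astro's code): a path-prefix auth guard that trusts a
// still-encoded path, beside a hardened guard that canonicalises first and
// dispatches on the same canonical form it checked.

const PROTECTED_PREFIX = "/admin";
const ROUTES = new Set(["/", "/public", "/admin", "/admin/users"]);

// Constructed model of the server front-end: one round of percent-decoding.
function serverDecode(raw: string): string | null {
  try {
    return decodeURIComponent(raw);
  } catch (_err) {
    return null; // malformed escape such as "%zz"
  }
}

// Constructed model of the router: decodes once more, then matches a route.
function routerDispatch(path: string): number {
  const target = serverDecode(path);
  return target !== null && ROUTES.has(target) ? 200 : 404;
}

// Prefix match on a path-segment boundary, so "/administrator" is not "/admin".
function isProtected(path: string): boolean {
  return path === PROTECTED_PREFIX || path.startsWith(PROTECTED_PREFIX + "/");
}

// Vulnerable: the guard checks the path it was handed, but the router decodes
// again. "/%2561dmin" reaches the guard as "/%61dmin" (not protected) and
// reaches the router as "/admin" (served).
export function vulnerableGate(rawPath: string, authenticated: boolean): number {
  const seen = serverDecode(rawPath);
  if (seen === null) return 400;
  if (isProtected(seen) && !authenticated) return 401;
  return routerDispatch(seen);
}

// Decode until the string stops changing, bounded so crafted input cannot
// keep the loop busy; null means malformed or too deeply nested.
export function fullyDecode(raw: string, maxRounds = 4): string | null {
  let current = raw;
  for (let i = 0; i < maxRounds; i++) {
    const next = serverDecode(current);
    if (next === null) return null;
    if (next === current) return current;
    current = next;
  }
  return null;
}

// Resolve "." and ".." and collapse repeated slashes, so that
// "/public/../admin" is recognised as "/admin" before the guard runs.
export function normalizePath(path: string): string {
  const out: string[] = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      out.pop();
      continue;
    }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Hardened: canonicalise once, check the canonical form, and dispatch on that
// same form, so the guard and the router can never disagree about the target.
export function hardenedGate(rawPath: string, authenticated: boolean): number {
  const decoded = fullyDecode(rawPath);
  if (decoded === null) return 400;
  const canonical = normalizePath(decoded);
  if (isProtected(canonical) && !authenticated) return 401;
  return ROUTES.has(canonical) ? 200 : 404;
}
```

Two caveats worth keeping in mind when applying this pattern: the fixpoint decode rejects any path whose final form would still contain a bare `%` (for example `/a%25`), which is the safe choice for an auth guard but may need adjusting for routes that legitimately carry a literal percent sign; and the real fix in a framework is to run the guard on the exact path object the router matches on, not to add a second decoder in front of it.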
EUVD
added 2025/11/26 10:11 p.m., 3 views

EUVD-2025-199765

Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions...

AI score 6.5
Exploits: 0, References: 4
Snyk
added 2025/11/26 10:11 p.m., 1 view

Session Fixation

Overview: better-auth describes itself as the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Session Fixation via the constantTimeEqual function in the crypto/buffer.ts file. An attacker can cause arbitrary user sessions to be revoked by forging...

CVSS 7.3, AI score 7.1
Exploits: 0, References: 2