
6467 matches found

Snyk
added 2026/03/11 12:23 a.m., 3 views

LDAP Injection

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to LDAP Injection via unsanitized input in the authData.id parameter during the construction of LDAP Distinguished Names and...

CVSS 8.8 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 2
vulnersOsv
added 2026/03/11 12:16 a.m., 3 views

studiocms (>=0.1.0 <=0.1.0-beta.31) potentially affected by CVE-2026-30945 via @withstudiocms/auth-kit (>=0.1.0-beta.1 <=0.1.0)

@withstudiocms/auth-kit NPM version =0.1.0-beta.1, =0.1.0, =0.1.0-beta.31 Source cves: CVE-2026-30945 Source advisory: SNYK:JS-WITHSTUDIOCMSAUTHKIT-15518584...

CVSS 7.1 | AI score 5.8 | EPSS 0.00054
Exploits: 2
CNNVD
added 2026/03/11 12:0 a.m., 2 views

Auth Security Vulnerability

Auth is a user authentication and management system developed by Supabase. Previous versions of Supabase Auth, such as 2.185.0, had security vulnerabilities. These vulnerabilities occurred when Apple or Azure providers were enabled, allowing attackers to issue session tokens for arbitrary users...

CVSS 4.8 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/11 12:0 a.m., 3 views

PT-2026-24743

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

CVSS 4.8 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 4
CNNVD
added 2026/03/11 12:0 a.m., 3 views

ID Withdrawn

“ring”(Brian Smith)。“ring”。 “The R Foundation”“R”(The R Foundation)。“R”。“Supabase Auth”(Supabase)。“Auth”。CVE。...

AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 1
CNNVD
added 2026/03/11 12:0 a.m., 2 views

ID Withdrawn

“ring”(Brian Smith)。“ring”。 “The R Foundation”“R”(The R Foundation)。“R”。“Supabase Auth”(Supabase)。“Auth”。CVE。...

AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 1
CNNVD
added 2026/03/11 12:0 a.m., 2 views

ID Withdrawn

“ring”(Brian Smith)。“ring”。 “The R Foundation”“R”(The R Foundation)。“R”。“Supabase Auth”(Supabase)。“Auth”。CVE。...

AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 1
OSV
added 2026/03/10 6:28 p.m., 3 views

GO-2026-4593 Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik

Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik...

CVSS 4.4 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 4
OSV
added 2026/03/10 6:28 p.m., 1 view

GO-2026-4615 Gokapi has privilege escalation with auth token in github.com/forceu/gokapi

Gokapi has privilege escalation with auth token in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

CVSS 5 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 3
Snyk
added 2026/03/10 6:16 p.m., 0 views

Incorrect Authorization

Overview: @withstudiocms/auth-kit provides utilities for managing authentication. Affected versions of this package are vulnerable to Incorrect Authorization through the api-tokens endpoint, which allows an authenticated user with editor privileges or higher to generate API tokens for any user by...

CVSS 8.8 | AI score 5.8 | EPSS 0.00058
Exploits: 3 | References: 3
vulnersOsv
added 2026/03/10 6:16 p.m., 2 views

studiocms (>=0.1.0 <=0.1.0-beta.31) potentially affected by CVE-2026-30944 via @withstudiocms/auth-kit (>=0.1.0-beta.1 <=0.1.0)

@withstudiocms/auth-kit NPM version =0.1.0-beta.1, =0.1.0, =0.1.0-beta.31 Source cves: CVE-2026-30944 Source advisory: SNYK:JS-WITHSTUDIOCMSAUTHKIT-15518581...

CVSS 8.8 | AI score 5.8 | EPSS 0.00058
Exploits: 3
Veracode
added 2026/03/10 11:3 a.m., 5 views

Sensitive Information Exposure

@perfood/couch-auth is vulnerable to Sensitive Information Exposure. The vulnerability is due to session tokens and passwords being stored in JavaScript objects without explicit memory clearing, allowing sensitive data to remain in memory and potentially be extracted through memory dumps or...

CVSS 6.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2 | Affected Software: 1
IBM Security Bulletins
added 2026/03/10 10:20 a.m., 5 views

Security Bulletin: IBM MQ is affected by an authority vulnerability (CVE-2026-1713)

Summary: IBM MQ has addressed an authority vulnerability. Vulnerability Details: CVEID: CVE-2026-1713 DESCRIPTION: IBM MQ is affected by an authority vulnerability allowing users access to SYSTEM.AUTH.DATA.QUEUE. CWE: CWE-305: Authentication Bypass by Primary Weakness CVSS Source: IBM CVSS Base score...

CVSS 5.5 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | Affected Software: 1
SUSE CVE
added 2026/03/10 12:24 a.m., 0 views

SUSE CVE-2026-30851

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

CVSS 8.8 | AI score 5.7 | EPSS 0.00023
Exploits: 1 | References: 4
OSV
added 2026/03/09 12:31 p.m., 2 views

GHSA-RV5F-CCPM-XJJ4 Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You...

CVSS 5.4 | AI score 5.7 | EPSS 0.00016
Exploits: 1 | References: 6
Vulnrichment
added 2026/03/09 10:39 a.m., 2 views

CVE-2026-25604 Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You...

AI score 5.7 | EPSS 0.00016
Exploits: 1 | References: 2
Nuclei
added 2026/03/09 5:27 a.m., 10 views

TRUfusion Enterprise <= 7.10.4.0 - Path Traversal

Pre-Auth Path Traversal Allowing to Leak Local server files disclosing sensitive clear-text passwords. id: CVE-2025-27222 info: name: TRUfusion Enterprise = 7.10.4.0 - Path Traversal author: DhiyaneshDK,rcesecurity severity: critical description: | Pre-Auth Path Traversal Allowing to Leak Local...

CVSS 8.6 | AI score 5.8 | EPSS 0.05117
Exploits: 1 | References: 3
Positive Technologies
added 2026/03/09 12:0 a.m., 4 views

PT-2026-24054

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You...

AI score 5.7 | EPSS 0.00016
Exploits: 1 | References: 3
vulnersOsv
added 2026/03/07 6:44 p.m., 3 views

@openinc/parse-server-opendash (>=3.0.0 <=3.30.0), @servable/parse-server-engine (>=1.6.0 <=1.17.0) +5 more potentially affected by CVE-2026-30850 via parse-server (=8.6.76)

parse-server NPM version =8.6.76 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - @openinc/parse-server-opendash =3.0.0, =1.6.0, =1.0.0, =1.0.3, =2.0.0, =2.0.0, =0.0.1, =0.1.0 Source cves: CVE-2026-30850 Source...

CVSS 6.3 | AI score 5.8 | EPSS 0.00021
Exploits: 0
vulnersOsv
added 2026/03/07 6:44 p.m., 3 views

@openinc/parse-server-opendash (>=3.0.0 <=3.30.0), @servable/parse-server-engine (>=1.6.0 <=1.17.0) +5 more potentially affected by CVE-2026-30848 via parse-server (=8.6.76)

parse-server NPM version =8.6.76 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - @openinc/parse-server-opendash =3.0.0, =1.6.0, =1.0.0, =1.0.3, =2.0.0, =2.0.0, =0.0.1, =0.1.0 Source cves: CVE-2026-30848 Source...

CVSS 6.3 | AI score 5.8 | EPSS 0.00022
Exploits: 0