MiracleLinux 9 : php:8.1 (AXSA:2025-9901:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9901:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

GO-2026-4280 Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass in github.com/bishopfox/sliver

Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass in github.com/bishopfox/sliver...

EUVD-2026-1966

Malicious code in passport-google-auth-token npm...

Malicious Package

Overview passport-google-auth-token is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in auth-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec0897a10b33b937c04d8f134ccac05ecdfd6050bbfaffbb07cd3ade9256bd24 The package auth-types was found to contain malicious code. Source: ghsa-malware 1096a2a969c582b5029b85a0c4eb85eec4d53f96c178a1523abe0978392a139d Any...

Malicious Package

Overview auth-types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

EUVD-2026-1983

Malicious code in auth-types npm...

MAL-2026-215 Malicious code in auth-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec0897a10b33b937c04d8f134ccac05ecdfd6050bbfaffbb07cd3ade9256bd24 The package auth-types was found to contain malicious code. Source: ghsa-malware 1096a2a969c582b5029b85a0c4eb85eec4d53f96c178a1523abe0978392a139d Any...

ROS-20260112-7352

A vulnerability in the core.c, fabrics-cmd-auth.c, fabrics-cmd.c components of the Linux operating system kernel is related to resource leakage. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2023-50481

An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...

CVE-2018-1000150

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealmauthContext that allows attackers with local file system access to obtain a list of authorities for logged in users...

CVE-2021-28373

The authinternal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

CVE-2022-38488

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

CVE-2022-38814

A stored cross-site scripting XSS vulnerability in the authsettings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfgloid text field...

CVE-2025-13772 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...

CVE-2023-49801

Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the getpfp and getbanner routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is...

CVE-2023-49805

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting...

CVE-2021-41093

Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See...

CVE-2025-23506

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imsoftware WP IMAP Auth wp-imap-authentication allows Reflected XSS.This issue affects WP IMAP Auth: from n/a through = 4.0.1...