6562 matches found
EUVD-2025-33405
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...
CVE-2025-61783 Python Social Auth - Django has unsafe account association
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...
CVE-2025-61783
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...
CVE-2025-61783 Python Social Auth - Django has unsafe account association
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...
CVE-2025-35058
Newforma Info Exchange (NIX) contains a vulnerable endpoint /UserWeb/Common/MarkupServices.ashx that can be triggered by a remote, unauthenticated attacker to force NIX to establish an SMB connection to an attacker‑controlled system, enabling the attacker to capture the NTLMv2 hash of the configu...
CVE-2025-35052 Newforma Info Exchange (NIX) shared hard-coded secret key
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
argus-notification-msteams (=0.5.1), argus-server (>=1.0.0 <=1.22.1) +97 more potentially affected by CVE-2025-61783 via social-auth-app-django (>=5.0.0 <=5.4.3)
social-auth-app-django PYPI version =5.0.0, =1.0.0, =1.0.0, =4.14.0, =0.4.3, =0.8.7, =0.0.2a17, =1.0.0, =1.0.0, =1.2.0, =4.8.0, =0.0.2, =1.0.0, =1.1.0 and more Source cves: CVE-2025-61783 Source advisory: SNYK:PYTHON-SOCIALAUTHAPPDJANGO-13512562...
argus-notification-msteams (=0.5.1), argus-server (>=1.0.0 <=1.22.1) +113 more potentially affected by CVE-2025-61783 via social-auth-app-django (>=0.1.0 <=5.4.3)
social-auth-app-django PYPI version =0.1.0, =1.0.0, =1.0.0, =4.14.0, =0.15.0, =0.3.23, =0.8.7, =0.0.2a17, =1.0.0, =2.1.0, =1.0.1, =1.0.0, =1.0.8 and more Source cves: CVE-2025-61783 Source advisory: OSV:GHSA-WV4W-6QV2-QQFG...
Python Social Auth - Django has unsafe account association
Impact: Upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Patche...
Missing Authentication for Critical Function
Overview: better-auth is the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api-key plugin's create endpoints. An attacker can gain unauthorized access to any user's account by...
@better-auth/cli (>=0.0.1 <=1.3.25), @bgord/bun (>=0.18.0 <=0.29.10) +21 more potentially affected by CVE-2025-61928 via better-auth (>=0.4.10-beta.10 <=1.3.25)
better-auth NPM version =0.4.10-beta.10, =0.0.1, =0.18.0, =0.5.11, =0.0.0, =0.1.174, =1.0.2, =1.0.5, =1.0.0, =0.0.5, =0.0.5, =1.1.368, =1.2.13, =1.2.106 and more Source cves: CVE-2025-61928 Source advisory: OSV:GHSA-99H5-PJCV-GR6V...
@better-auth/cli (>=1.2.0 <=1.3.25), @bgord/bun (>=0.18.0 <=0.29.10) +17 more potentially affected by CVE-2025-61928 via better-auth (>=1.2.0-beta.18 <=1.3.25)
better-auth NPM version =1.2.0-beta.18, =1.2.0, =0.18.0, =0.5.11, =0.0.0, =0.1.174, =1.0.2, =1.0.5, =1.0.0, =0.0.5, =1.2.13, =3.7.1, =1.0.12, =1.1.0 and more Source cves: CVE-2025-61928 Source advisory: SNYK:JS-BETTERAUTH-13537497...
EUVD-2025-33358
Better Auth: Unauthenticated API key creation through api-key plugin...
Python Social Auth security vulnerability
Python Social Auth is an easy-to-set-up, open-source social authentication/registration mechanism from Python Social Auth. Multiple frameworks and authentication providers are supported. A security vulnerability exists in Python Social Auth versions prior to 5.6.0, which stems from an unvalidated...
PT-2025-41335
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 5.18.0. Description: A security flaw exists in ChurchCRM impacting the AuthMiddleware function within the src/ChurchCRM/Slim/Middleware/AuthMiddleware.php file of the API Endpoint component. This allows for missing...
Better Auth security vulnerability
Better Auth is the most comprehensive authentication framework for TypeScript, open-sourced by Better Auth. A security vulnerability exists in versions of Better Auth prior to 1.3.26: an unauthenticated attacker can bypass authentication via the user ID in the request body,...
Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001034 fixes several issues. The following security issues were fixed: CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509). Patch...
SUSE SLES15 Security Update : kernel RT (Live Patch 9 for SLE 15 SP6) (SUSE-SU-2025:03476-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03476-1 advisory. This update for the Linux Kernel 6.4.0-1506001029 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched:...
SUSE SLES15 Security Update : kernel RT (Live Patch 11 for SLE 15 SP6) (SUSE-SU-2025:03470-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03470-1 advisory. This update for the Linux Kernel 6.4.0-1506001039 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched:...
SUSE SLES15 Security Update : kernel RT (Live Patch 4 for SLE 15 SP6) (SUSE-SU-2025:03468-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03468-1 advisory. This update for the Linux Kernel 6.4.0-1506001014 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched:...