6597 matches found
SUSE CVE-2025-6624
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
CVE-2025-6011
A timing side channel in Vault and Vault Enterprise’s “Vault” userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise...
CVE-2025-6011 Timing Side-Channel in Vault’s Userpass Auth Method
A timing side channel in Vault and Vault Enterprise’s “Vault” userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise...
CVE-2025-6011
CVE-2025-6011 describes a timing side-channel in Vault and Vault Enterprise's userpass authentication that could let an attacker distinguish existing vs non-existing usernames, enabling possible username enumeration. Root cause: timing differences during user existence checks in the Userpass meth...
Malicious code in fulfillment-auth-widget (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6723 Malicious code in fulfillment-auth-widget (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6656 Malicious code in simple-auth-manager-ui (npm)
Malicious code in asdqweasdregistry-auth-token (npm)
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to using the skipauthroutes configuration option with regex patterns. An attacker can gain unauthorized access to protected resources by crafting URLs with query parameters that match overly broad or improperly...
SonicWall Urges Patch After 3 Major VPN Vulnerabilities Disclosed
watchTowr's latest research details critical SonicWall SMA100 flaws CVE-2025-40596, 40597, 40598. Discover how pre-auth stack/heap overflows and XSS put SSL-VPNs at risk. Patch now!...
SUSE-SU-2025:20513-1 Security update for pam-config
This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the very end of the SESSION stack (bsc#1243226)...
PT-2025-33004
Name of the Vulnerable Software and Affected Versions: NGINX versions prior to 1.28.1; NGINX versions prior to 1.29.1. Description: NGINX Open Source and NGINX Plus are affected by a vulnerability in the ngx_mail_smtp_module. This flaw could allow an unauthenticated attacker to read data from NGINX...
SUSE-SU-2025:20533-1 Security update for pam-config
This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the very end of the SESSION stack (bsc#1243226)...
kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
A flaw was found in the Linux kernel, where a specially crafted RPC packet could cause data corruption or trigger a system panic. This flaw allows a remote attacker who can make RPC calls to send an intentionally malformed packet, potentially compromising system integrity or causing a denial of...
Malicious Package
Overview ipp-auth-service-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Vulnerability in the yiisoft/yii2-redis framework in Yii that allows attackers to expose protected information
The vulnerability in the yiisoft/yii2-redis framework in Yii is related to the exposure of information through registration files. Exploiting this vulnerability allows a malicious actor to disclose protected information through the AUTH parameter...
2FAuth Security Vulnerability
2FAuth is a web application from Bubka Personal Developers for managing two-factor authentication (2FA) accounts and generating their security codes. A security vulnerability exists in 2FAuth version v5.5.0 that stems from a race condition in group deletion that could lead to data inconsistencie...
CVE-2025-7382
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled...