6597 matches found

Positive Technologies
added 2025/07/09 12:0 a.m. · 1 views

PT-2025-28921 · Jenkins · Jenkins Vaddy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins VAddy Plugin versions 1.2.8 and earlier Description: The Jenkins VAddy Plugin does not mask Vaddy API Auth Keys displayed on the job configuration form, potentially allowing attackers to observe and capture them. Recommendations: Upda...

CVSS 4.3 · AI score 6.1 · EPSS 0.00218
Exploits 0 · References 8
OSV
added 2025/07/08 11:15 a.m. · 5 views

CVE-2025-20982

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...

CVSS 6.7 · AI score 5.8 · EPSS 0.00127
Exploits 0 · References 1
OSV
added 2025/07/08 11:15 a.m. · 4 views

CVE-2025-20983

Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...

CVSS 6.7 · AI score 5.8 · EPSS 0.00127
Exploits 0 · References 1
ATTACKERKB
added 2025/07/08 10:33 a.m. · 1 views

CVE-2025-20982

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...

CVSS 6.7 · AI score 5.8 · EPSS 0.00127
Exploits 0 · References 2
Cvelist
added 2025/07/07 5:15 p.m. · 10 views

CVE-2025-53535 Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes

Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This...

CVSS 5.3 · EPSS 0.00334
Exploits 0 · References 1
Vulnrichment
added 2025/07/07 5:15 p.m. · 4 views

CVE-2025-53535 Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes

Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This...

CVSS 5.3 · AI score 6.7 · EPSS 0.00334
Exploits 0 · References 1
CVE
added 2025/07/07 5:15 p.m. · 25 views

CVE-2025-53535

Better Auth Open Redirect (CVE-2025-53535) involves the TypeScript authentication/authorization library where the originCheck middleware incorrectly validates URLs, enabling an open redirect on routes including /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, and ...

CVSS 5.3 · AI score 6.7 · EPSS 0.00334
Exploits 0 · References 1
OSV
added 2025/07/07 5:15 p.m. · 3 views

CVE-2025-53535 Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes

Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This...

CVSS 5.3 · AI score 7.1 · EPSS 0.00334
Exploits 0 · References 3
Positive Technologies
added 2025/07/07 12:0 a.m. · 5 views

PT-2025-28223 · Unknown · Better Auth

Name of the Vulnerable Software and Affected Versions: Better Auth versions prior to 1.2.10 Description: An open redirect issue has been found in the originCheck middleware function of Better Auth, an authentication and authorization library for TypeScript. The affected routes include...

CVSS 5.3 · AI score 6.5 · EPSS 0.00334
Exploits 0 · References 6
CNNVD
added 2025/07/07 12:0 a.m. · 3 views

Better Auth Input Validation Error Vulnerability

Better Auth is a comprehensive authentication framework for TypeScript, open-sourced by Better Auth. An input validation error vulnerability exists in versions of Better Auth prior to 1.2.10, which stems from the presence of an open redirect in the originCheck middleware function, which could...

CVSS 5.3 · AI score 6.5 · EPSS 0.00334
Exploits 0 · References 2
Circl
added 2025/07/06 6:31 a.m. · 5 views

CVE-2025-53535

creationtimestamp | type | source
---|---|---
2025-07-06 06:31:33+00:00 | published-proof-of-concept | https://github.com/better-auth/better-auth/security/advisories/GHSA-36rg-gfq2-3h56...

CVSS 5.3 · AI score 5.8 · EPSS 0.00334
Exploits 0 · References 1
Tenable Nessus
added 2025/07/03 12:0 a.m. · 8 views

AlmaLinux 9 : php:8.2 (ALSA-2025:7432)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7432 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decod...

CVSS 9.8 · AI score 7.6 · EPSS 0.02286
Exploits 5 · References 10
CNNVD
added 2025/06/30 12:0 a.m. · 2 views

TOTOLINK T6 Security Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. An authentication error vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from a lack of authentication in the parameter authCode/goURL in the file /formLoginAuth.htm. An attacker could...

CVSS 8.8 · AI score 6.9 · EPSS 0.00747
Exploits 1 · References 6
UbuntuCve
added 2025/06/26 10:15 p.m. · 14 views

CVE-2015-0842

yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass...

CVSS 9.8 · AI score 5.9 · EPSS 0.00349
Exploits 0 · References 1
Tenable Nessus
added 2025/06/26 12:0 a.m. · 3 views

SUSE SLES12 Security Update : pam_pkcs11 (SUSE-SU-2025:02032-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02032-1 advisory. - CVE-2025-6018: Removes pamenv from auth stack for security reason bsc1243226. Tenable has extracted the preceding description block directly from th...

CVSS 7.8 · AI score 8.2 · EPSS 0.00957
Exploits 13 · References 4
SUSE Linux
added 2025/06/24 10:29 a.m. · 3 views

Security update for pam-config

This update for pam-config fixes the following issues: CVE-2025-6018: Stop adding pamenv in AUTH stack, and be sure to put this module at the really end of the SESSION stack bsc1243226. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.6 · AI score 7.2 · EPSS 0.00957
Exploits 13 · References 4
OSV
added 2025/06/24 10:26 a.m. · 1 views

SUSE-SU-2025:02081-1 Security update for pam-config

This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pamenv in AUTH stack, and be sure to put this module at the really end of the SESSION stack bsc1243226...

CVSS 7.8 · AI score 5.8 · EPSS 0.00957
Exploits 13 · References 3
OSV
added 2025/06/24 10:26 a.m. · 2 views

SUSE-SU-2025:02080-1 Security update for pam-config

This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pamenv in AUTH stack, and be sure to put this module at the really end of the SESSION stack bsc1243226...

CVSS 7.8 · AI score 7.1 · EPSS 0.00957
Exploits 13 · References 3
RedhatCVE
added 2025/06/23 8:38 a.m. · 4 views

CVE-2024-7586

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...

CVSS 7.5 · AI score 6.8 · EPSS 0.00263
Exploits 0 · References 1
Cvelist
added 2025/06/20 1:58 p.m. · 5 views

CVE-2024-7586 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...

CVSS 4.1 · EPSS 0.00263
Exploits 0 · References 1