MAL-2025-4747 Malicious code in internal-auth (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware a6993797579f8f069d60fca14d78ba83e317c578b85e1d0d6c89b395247d0bf1. Any computer that has this package installed or running should be considered...
CVE-2025-5715
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the...
Exploit for CVE-2025-0316
CVE-2025-0316-Exploit CVE-2025-0316 Exploit Toolkit 🚨 Auth...
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in FacebookAuthFilter.java due to the logging of sensitive information during authentication failures. An attacker can gain access to user tokens by accessing the logs where these details...
GHSA-G3P6-82VC-43JH Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
Impact: On a failed connection, the extension writes the command sequence to logs. AUTH parameters are written in plain text, exposing the username and password. That might be an issue if an attacker has access to logs...
Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
Impact: On a failed connection, the extension writes the command sequence to logs. AUTH parameters are written in plain text, exposing the username and password. That might be an issue if an attacker has access to logs...
CVE-2025-48493 Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
The Yii 2 Redis extension provides Redis key-value store support for the Yii framework 2.0. On a failed connection, the extension writes the command sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text, exposing the username and password. That might be an issue if...
RHEL 10 : php (RHSA-2025:7489)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7489 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream...
yii2-redis log information disclosure vulnerability
yii2-redis is an open-source extension for Yii. A log information disclosure vulnerability exists in yii2-redis versions prior to 2.0.20. It stems from the AUTH parameter being written to the logs in plain text, which could lead to credential disclosure...
CVE-2025-20987
Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get an authtoken...
FreeBSD : Post-Auth Remote Code Execution found in Roundcube Webmail (0d6094a2-4095-11f0-8c92-00d861a0e66d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0d6094a2-4095-11f0-8c92-00d861a0e66d advisory. Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v Tenable...
SAMSUNG SMR security vulnerability
SAMSUNG SMR is a system patch package from the South Korean company Samsung. It provides patches for Samsung cell phone applications. A security vulnerability exists in versions prior to SAMSUNG SMR May-2025 Release 1, which stems from improper access control and could allow a locally...
Post-Auth Remote Code Execution found in Roundcube Webmail
Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v...
CVE-2025-48370
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skip_insignificant_space when sniffing content (bsc#1240750); CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752); CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...
Path Traversal
@supabase/auth-js is vulnerable to Path Traversal. The vulnerability is due to missing UUID validation on user-supplied inputs, which allows an attacker to manipulate URL paths and invoke unintended API functions...
GHSA-8R88-6CJ9-9FH5 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
Impact: The library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best...