The vulnerability of the mod_graph_auth_uri_handler() function in D-Link’s wireless repeater software DAP-1620 allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability in the mod_graph_auth_uri_handler() function of D-Link's DAP-1620 wireless repeater software is an out-of-bounds memory access (reads or writes beyond the bounds of a buffer). Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause a service failure b...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-url annotation which can be used to inject configuration into nginx. Remediation Upgrade github.com/kubernetes/ingress-nginx/internal/ingress/annotations/auth to version 1.11.5, 1.12.1, 4.11.5,...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-url annotation which can be used to inject configuration into nginx. Remediation Upgrade k8s.io/ingress-nginx/internal/ingress/annotations/auth to version 1.11.5, 1.12.1, 4.11.5, 4.12.1 or...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-tls-match-cn annotation. An attacker can execute arbitrary code and disclose sensitive information by injecting malicious configurations. Remediation Upgrade...
SUSE-SU-2025:0994-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666) - CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers (bsc#1239664) - CVE-2025-1219: Fixed libxml streams using wrong...
Kubernetes ingress-nginx Improper Input Validation Vulnerability
Ingress NGINX Controller is an open source ingress controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from the auth-tls-match-cn Ingress annotation, which can be used to inject configurations, which could le...
PT-2025-16178 · D Link · D-Link Di-8100
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1 Description: A critical issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to a stack-based buffer overflow. The attack needs to...
PHP 8.2.x < 8.2.28 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...
sctp: sysctl: auth_enable: avoid using current->nsproxy
...
SUSE CVE-2025-27414
MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...
MAL-2025-2297 Malicious code in auth-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76847b48ca1b5549990fb4ce13215fc4034a40d098eb03794a245e5ea28df8d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-11063 · Google · Android
Name of the Vulnerable Software and Affected Versions: AccountManagerService affected versions not specified Description: A flaw exists in the onResult function of AccountManagerService.java due to a missing permission check. This could allow overwriting of an authentication token, potentially...
MAL-2025-2254 Malicious code in ee-server-auth-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32fbc3ea50c42c26476bf7cb134539c929e31be4c5e816c994e529e00b5ebf47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
U.S. Dept Of Defense: Information Disclosure in API Endpoint /users
An endpoint /users was exposing sensitive user information, including id, first name, last name, email, role, and authdata, to unauthenticated users. This allowed anyone to retrieve private user details without authentication...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +107 more potentially affected by CVE-2025-26699 via django (>=4.2.0 <=4.2.2)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.4.3 and more Source cves: CVE-2025-26699 Source advisory: OSV:PYSEC-2025-13...
aldryn-django (>=5.0.10.0 <=5.0.11.0), artd-customer (>=0.0.20 <=0.0.23) +65 more potentially affected by CVE-2025-26699 via django (>=5.0.0 <=5.0.12)
django PYPI version =5.0.0, =5.0.10.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =0.35.0 and more Source cves: CVE-2025-26699 Source advisory: OSV:PYSEC-2025-13...
Important: amazon-cloudwatch-agent
Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...