CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
CVE-2025-27154
CVE-2025-27154 affects Spotipy’s CacheHandler file permissions. Before version 2.25.1, the cache file is created with 644 permissions by default, exposing the Spotify auth token to other users or processes on the same machine. Version 2.25.1 tightens permissions to 600, reducing token exposure. T...
CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
DEBIAN-CVE-2025-21737
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in cephmdsauthmatch We now free the temporary target path substring allocation on every possible branch, instead of omitting the default branch. In some cases, a memory leak occurred, which could rapidly cras...
UBUNTU-CVE-2025-21737
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in cephmdsauthmatch We now free the temporary target path substring allocation on every possible branch, instead of omitting the default branch. In some cases, a memory leak occurred, which could rapidly cras...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the cephmdsauthmatch function, which could lead to a system crash...
Mastodon security vulnerability
Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon that stems from a lack of rate limiting in /auth/setup, which could result in sending emails to arbitrary addresses...
Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
[email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw-----...
CVE-2025-27143
Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...
DEBIAN-CVE-2024-12368
Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: paranoia, ip-masq-agent, configmap-reload, vt-cli, nuclei, dagger, aws-load-balancer-controller, kaf, crossplane-provider-azure, s5cmd, kube-bench, bazelisk, ctop, php-fpmexporter, influx, cni-plugins, delve, aws-flb-kinesis, haproxy-ingress, kwok, cadvisor,...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: vt-cli, crossplane-provider-sql, crossplane-provider-azure, kube-bench, php-fpmexporter, haproxy-ingress, kwok, cadvisor, mockgen, litestream, openfga, scorecard, nri-prometheus, nri-rabbitmq, argo-rollouts, kube-rbac-proxy, velero-plugin-for-csi, grpc-health-probe,...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: paranoia, ip-masq-agent, configmap-reload, vt-cli, nuclei, dagger, aws-load-balancer-controller, kaf, crossplane-provider-azure, s5cmd, kube-bench, bazelisk, ctop, php-fpmexporter, influx, cni-plugins, delve, aws-flb-kinesis, haproxy-ingress, kwok, cadvisor,...
CVE-2025-27143 Better Auth has an Open Redirect via Scheme-Less Callback Parameter
Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...
@better-auth/cli (>=0.0.1 <=1.1.20-beta.5), @silgi/better-auth (>=0.0.5 <=0.0.12) +3 more potentially affected by CVE-2025-27143 via better-auth (>=0.4.10-beta.10 <=1.1.20-beta.5)
better-auth NPM version =0.4.10-beta.10, =0.0.1, =0.0.5, =1.1.368, =1.1.0, =1.1.2-fix.1 - better-auth-monitor =1.0.0 Source cves: CVE-2025-27143 Source advisory: OSV:GHSA-HJPM-7MRM-26W8...
Better Auth input validation error vulnerability
Better Auth is the most comprehensive authentication framework for TypeScript, open-sourced by Better Auth. An input validation error vulnerability exists in versions of Better Auth prior to 1.1.21 that stems from improper validation of the callbackURL parameter in the email verification endpoint and an...
OESA-2025-1170 etcd security update
Security Fixes: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. CVE-2021-28235 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. CVE-2022-3064 Etcd v3.5.4 allows remote...