6599 matches found
CVE-2025-23506
CVE-2025-23506 is a Reflected XSS in the WP IMAP Auth plugin affecting versions up to 4.0.1 (NotFound WP IMAP Auth). The root cause is improper neutralization of input during web page generation. CVSS 3.1 base score 7.1 (HIGH) with NETWORK attacker, no user privileges, and user interaction requir...
SUSE CVE-2025-21638
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
UBUNTU-CVE-2025-21638
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
@aligent/cdk-esbuild (=2.1.0), @aligent/cdk-graphql-mesh-server (>=2.2.0 <=2.17.0) +242 more potentially affected by CVE-2025-23206 via aws-cdk-lib (>=2.0.0-alpha.4 <=2.176.0)
aws-cdk-lib NPM version =2.0.0-alpha.4, =2.2.0, =2.3.7, =2.1.0, =2.1.0, =2.0.0-beta, =5.0.31-acdk-upgrade-2-129.0, =2.16.0-acdk-upgrade-2-129.0, =5.0.31-acdk-upgrade-2-129.0, =3.7.10-acdk-upgrade-2-129.0, =3.1.19-acdk-upgrade-2-129.0, =5.7.5-acdk-upgrade-2-129.0, =3.5.10-acdk-upgrade-2-129.0,...
CVE-2024-5138: snapd snapctl auth bypass
Impact: A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. Unprivileged users cannot normally trigger that behaviour by using snap run --shell firefox followed by snapctl mount, since snapd...
aldryn-django (=5.0.10.0), artd-customer (>=0.0.20 <=0.0.23) +65 more potentially affected by CVE-2024-56374 via django (>=5.0.0 <=5.0.10)
django PYPI version =5.0.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =0.35.0 and more Source cves: CVE-2024-56374 Source advisory: SNYK:PYTHON-DJANGO-8623541...
Malicious code in uber-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 514527f85a2deb8975f95374694c5dc8a3d09d328d3cb7adc36ea16d071367ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-106 Malicious code in uber-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 514527f85a2deb8975f95374694c5dc8a3d09d328d3cb7adc36ea16d071367ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-3553 · Jeewms · Jeewms
Name of the Vulnerable Software and Affected Versions: JeeWMS versions prior to 2025.01.01 Description: The issue is related to a permission bypass in the component /interceptors/AuthInterceptor.cava. This component is part of the JeeWMS system, and the bypass could potentially allow unauthorized...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird ESR 128.6 MFSA 2025-05, bsc1234991 Security fixes: CVE-2025-0237 bmo1915257 WebChannel APIs susceptible to confused deputy attack CVE-2025-0238 bmo1915535 Use-after-free when breaking lines in text...
GHSA-8JHW-6PJJ-8723 Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint
Summary An open redirect vulnerability has been identified in the verify email endpoint of Better Auth, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library. Affected Versions - All versions...
@better-auth/cli (>=0.0.1 <=1.1.22-beta.2), @silgi/better-auth (>=0.0.5 <=0.0.12) +3 more potentially affected by CVE-2024-56734 +1 more via better-auth (>=0.4.10-beta.10 <=1.1.5)
better-auth NPM version =0.4.10-beta.10, =0.0.1, =0.0.5, =1.1.368, =1.1.0, =1.1.2-fix.1 - better-auth-monitor =1.0.0 Source cves: CVE-2024-56734, CVE-2025-27143 Source advisory: OSV:GHSA-8JHW-6PJJ-8723...
CVE-2024-56734 Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint
Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on emai...
CVE-2024-56734
CVE-2024-56734 affects Better Auth (TypeScript) prior to version 1.1.6, where the verify-email endpoint accepts a callbackURL parameter and uses JWT without proper domain validation. This open-redirect flaw can allow an attacker to redirect users to arbitrary, attacker-controlled sites. Root caus...
PT-2024-37047 · Unknown · Better Auth
Name of the Vulnerable Software and Affected Versions: Better Auth versions prior to v1.1.6 Description: An open redirect vulnerability has been identified in the verify email endpoint of Better Auth, potentially allowing attackers to redirect users to malicious websites. This issue affects users...
PT-2025-7795 · Unknown · Better Auth
Name of the Vulnerable Software and Affected Versions: Better Auth versions prior to 1.1.21 Description: The application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts a callback URL...
Better Auth Input Validation Error Vulnerability
Better Auth is a framework-agnostic authentication and authorization framework designed for TypeScript. An input validation error vulnerability exists in versions prior to Better Auth v1.1.6, which stems from the presence of an open redirection vulnerability that could allow an attacker to redire...
UBUNTU-CVE-2024-56564
In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match This eliminates a redundant get_current_cred call, because ceph_mds_check_access has already obtained this pointer. As a side effect, this also fixes a reference leak in ceph_mds_auth_match: by...