Astra Linux - уязвимость в linux-5.15, linux-6.1

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' through an upstream type-confusion bug in seroval package. An attacker can trigger unintended execution of a different client-referenced server function by sending a specially...

CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

CVE-2026-1524

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...

Command Injection

Overview fugue is an An abstraction layer for distributed computation Affected versions of this package are vulnerable to Command Injection via the decode function, which invokes cloudpickle.loads on untrusted data. An attacker can execute arbitrary code on the server by sending specially crafted...

Citrix NetScaler ADC和Citrix NetScaler Gateway 安全漏洞

Citrix NetScaler ADC and Citrix NetScaler Gateway are both products of Citrix Corporation, U.S.A. Citrix NetScaler ADC is an application delivery and security platform.Citrix NetScaler Gateway is a secure remote access solution. A security vulnerability exists in Citrix NetScaler ADC and Citrix...

EUVD-2016-3486

Malware in sbrugna...

EUVD-2021-0201

Malware in sbrugna...

EUVD-2022-26178

Malicious code in bioql PyPI...

EUVD-2022-24819

Malicious code in bioql PyPI...

EUVD-2024-38303

Malicious code in bioql PyPI...

EUVD-2024-2267

Malicious code in bioql PyPI...

EUVD-2023-24365

Malicious code in bioql PyPI...

EUVD-2023-49452

Malicious code in bioql PyPI...

EUVD-2023-35307

Malicious code in bioql PyPI...

CVE-2025-53895 ZITADEL has broken authN and authZ in session API and resulting session tokens

ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, vulnerability in ZITADEL's session management API allows any authenticated user to update a session if they know its ID, due to a missing permission chec...

CVE-2025-53535

Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This...

K000151646: Apache HTTP server vulnerability CVE-2025-31492

Security Advisory Description modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a modauthopenidc results in disclosure of protected content to...

CVE-2023-27580

CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability...

CVE-2021-41275

spreeauthdevise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spreeauthdevise is subject to a CSRF vulnerability that allows user account...