320 matches found

NVD
added 2026/06/11 7:16 a.m. | 9 views

CVE-2026-40997

Several Spring WS integration paths with Spring Security could surface detailed account state (for example, locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...

5.3 CVSS | 0.00464 EPSS
Exploits: 0 | References: 1

Redos
added 2026/06/05 12:0 a.m. | 4 views

ROS-20260605-73-0034

The vulnerability in Tomcat is related to errors in the implementation of authentication procedures. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9.8 CVSS | 7.7 AI score | 0.00559 EPSS
Exploits: 1

GithubExploit
added 2026/05/30 4:51 a.m. | 100 views

Exploit for SQL Injection in Litellm

CVE-2026-42208 — LiteLLM Pre-Authentication SQL Injection A l...

9.8 CVSS | 6.1 AI score | 0.93107 EPSS
Exploits: 6

CNNVD
added 2026/05/27 12:0 a.m. | 8 views

free5GC code issue vulnerability

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the UDR DELETE handler’s type assertion panic when the ueId was not present, which could potentially result in a 5...

6.5 CVSS | 5.9 AI score | 0.00388 EPSS
Exploits: 1 | References: 5

Redos
added 2026/05/27 12:0 a.m. | 10 views

ROS-20260527-73-0003

Vulnerability in openbao related to errors in certificate authentication procedure. The vulnerability can be exploited remotely...

3.1 CVSS | 5.8 AI score | 0.00101 EPSS
Exploits: 0

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In libceph, the error from mon_handle_auth_done() should be returned. Currently, any error from ceph_auth_handle_reply_done() is propagated via finish_auth(), but it is not returned from mon_handle_auth_done(). This results in higher layers...

7.5 CVSS | 5.2 AI score | 0.00268 EPSS
Exploits: 0 | References: 1

Redos
added 2026/04/20 12:0 a.m. | 2 views

ROS-20260420-73-0042

Vulnerability in incus related to errors in certificate authentication procedure. The vulnerability can be exploited remotely...

7.1 CVSS | 5.7 AI score | 0.0018 EPSS
Exploits: 1

OSV
added 2026/03/26 8:33 p.m. | 2 views

GO-2026-4862 OpenBao has Reflected XSS in its OIDC authentication error message in github.com/openbao/openbao

OpenBao has Reflected XSS in its OIDC authentication error message in github.com/openbao/openbao...

9.4 CVSS | 5.9 AI score | 0.00259 EPSS
Exploits: 0 | References: 4

OSV
added 2026/02/25 6:53 p.m. | 5 views

GHSA-38WQ-6Q2W-HCF9 Rucio WebUI has Username Enumeration via Login Error Message

Summary: The WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Details: When submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on th...

5.3 CVSS | 5.7 AI score | 0.00327 EPSS
Exploits: 1 | References: 7

SUSE CVE
added 2026/01/28 12:25 a.m. | 6 views

SUSE CVE-2026-22992

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This results in higher layers learning that despite...

6.5 CVSS | 5.7 AI score | 0.00268 EPSS
Exploits: 0 | References: 20

UbuntuCve
added 2026/01/23 4:15 p.m. | 4 views

CVE-2026-22992

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This results in higher layers learning that despite...

7.5 CVSS | 5.9 AI score | 0.00268 EPSS
Exploits: 0 | References: 24

Cvelist
added 2026/01/23 3:24 p.m. | 27 views

CVE-2026-22992 libceph: return the handler error from mon_handle_auth_done()

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This results in higher layers learning that despite...

7.5 CVSS | 0.00268 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38089)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38089 advisory. - In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc aut...

5.5 CVSS | 5.5 AI score | 0.00271 EPSS
Exploits: 2 | References: 2

Tenable Nessus
added 2026/01/19 12:0 a.m. | 6 views

MiracleLinux 4 : vino-2.28.1-9.AXS4 (AXSA:2014-070:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-070:01 advisory. Vino is a VNC server for GNOME. It allows remote users to connect to a running GNOME session using VNC. Security issues fixed with this release: CVE-2013-5745...

7.1 CVSS | 5.7 AI score | 0.0872 EPSS
Exploits: 5 | References: 2

RedhatCVE
added 2026/01/09 9:31 a.m. | 4 views

CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

9.8 CVSS | 7.2 AI score | 0.00392 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:33 a.m. | 11 views

CVE-2024-39896

Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs t...

7.5 CVSS | 7.3 AI score | 0.00506 EPSS
Exploits: 1 | References: 1

NVD
added 2026/01/01 5:16 a.m. | 16 views

CVE-2025-69413

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

5.3 CVSS | 0.00356 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-4492

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the libceph component of the Linux kernel where errors from ceph_auth_handle_reply_done() are not correctly returned from the mon_handle_auth_done() function. This can lea...

7.5 CVSS | 5.3 AI score | 0.00268 EPSS
Exploits: 0

Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-49652

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: A memory leak was identified in the nvme-core component of the Linux kernel, specifically within the dhchap ctrl secret store function. The issue occurs when nvme auth generate key retur...

6.7 AI score | 0.00168 EPSS
Exploits: 0

CNNVD
added 2025/12/04 12:0 a.m. | 3 views

Kalmia security vulnerability

Kalmia is an open source document content management system from Iridia Solutions Private Limited. A security vulnerability exists in Kalmia version 0.2.0, which stems from the authentication mechanism returning a different error message that could lead to user enumeration...

5.3 CVSS | 6.5 AI score | 0.00308 EPSS
Exploits: 3 | References: 2