Incorrect Authorization
Overview: web-auth/webauthn-framework is a FIDO-U2F / FIDO2 / WebAuthn framework. Affected versions of this package are vulnerable to Incorrect Authorization via the ClientOverridePolicy process. An attacker can bypass user verification requirements by supplying a crafted userVerification paramete...
CVE-2026-30964
| creation timestamp | type | source |
|---|---|---|
| 2026-03-08 17:27:32+00:00 | published-proof-of-concept | https://github.com/web-auth/webauthn-framework/security/advisories/GHSA-f7pm-6hr8-7ggm... |
allauth-django Input Validation Error Vulnerability
allauth-django is an open-source authentication application developed by allauth. Versions of allauth-django prior to 65.14.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from an open redirection issue when SAML-based IdPs enabled SSO, allowing attacker...
cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23966 via org.webjars.npm:sm-crypto (=0.3.13)
org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...
CVE-2019-11650
A potential Man-in-the-Middle (MITM) attack was found in NetIQ Advanced Authentication Framework versions prior to 6.0...
Cryptographic Binding Should Not Be Optional: A Formal-Methods Analysis of FIDO UAF Channel Binding
As a case study in cryptographic binding, we present a formal-methods analysis of the cryptographic channel binding mechanisms in the Fast IDentity Online (FIDO) Universal Authentication Framework (UAF) authentication protocol, which seeks to reduce the use of traditional passwords in favor of...
EUVD-2025-4088
Malicious code in bioql PyPI...
EUVD-2025-22134
Malicious code in bioql PyPI...
EUVD-2022-6486
Malicious code in bioql PyPI...
CVE-2025-36057
IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application...
CVE-2025-36057
IBM Cognos Analytics Mobile (iOS) versions 1.1.0–1.1.22 contain an authentication bypass due to the use of an unnecessary Local Authentication Framework library, despite biometric authentication not being used in the app. The vulnerability affects the iOS client and is described in multiple sourc...
CVE-2025-36057 IBM Cognos Analytics Mobile (iOS) authentication bypass
IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application...
PT-2025-30322 · Ibm · Ibm Cognos Analytics Mobile
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics Mobile iOS versions 1.1.0 through 1.1.22 Description: The application uses the Local Authentication Framework library despite not utilizing biometric authentication. This results in an authentication bypass...
authentik Authorization Issue Vulnerability
authentik is an open source identity provisioning application from authentik Open Source. An authorization issue vulnerability exists in authentik that stems from the use of client_credentials or device_code OAuth authorization, resulting in an attacker obtaining a token from authentik...
Unauthorized Password Reset
cartalyst/sentry is vulnerable to Unauthorized Password Reset. The vulnerability is due to improper handling of password reset checks in the Sentry authentication framework, which allows attackers to reset passwords for users who have NULL in their reset_password_code column...
Webauthn-Framework Authorization Issues Vulnerability
Webauthn-Framework is an authentication mechanism. It is used by Web applications to create and use strong, proven, scoped, public-key based credentials for strong authentication of users. An authorization issue vulnerability exists in Webauthn-Framework that stems from improper handling of...
CVE-2021-21337
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a differe...