134 matches found
SUSE-SU-2026:2968-1 Security update for python-Authlib
This update for python-Authlib fixes the following issues - CVE-2026-41425: Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth bsc1263114. - CVE-2026-44681: Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's...
PYSEC-2026-1209 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...
UBUNTU-CVE-2026-54411
Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...
ROOT-APP-PYPI-CVE-2026-41425 CVE-2026-41425 in rootio-Authlib - Patched by Root
Root has patched CVE-2026-41425 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-62706 CVE-2025-62706 in rootio-Authlib - Patched by Root
Root has patched CVE-2025-62706 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...
CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
MAL-2026-3648 Malicious code in auth-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
CLSA-2026-1777463708 dovecot: Fix of CVE-2017-15132
CVE-2017-15132: fix memory leak and hash-table use-after-free in authclientrequestabort lib-auth. Squashed upstream commits 1a29ed2f96da and a9b135760aea...
[SECURITY] Fedora 44 Update: python-msal-1.36.0-1.fc44
The Microsoft Authentication Library for Python enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities Azure AD, Microsoft Accounts and Azure AD B2C accounts and obtain tokens to call Microsoft APIs such as Microsof...
CVE-2026-41427
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...
CVE-2026-41427 Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...
UBUNTU-CVE-2026-32952
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...
[SECURITY] Fedora 43 Update: python-msal-1.36.0-1.fc43
The Microsoft Authentication Library for Python enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities Azure AD, Microsoft Accounts and Azure AD B2C accounts and obtain tokens to call Microsoft APIs such as Microsof...
MAL-2026-2759 Malicious code in express-auth-basic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e643f12d60a16d07664d45cf59400356a38f8bb5463f358e1e86e217b88fab5 The package express-auth-basic was found to contain malicious code...
CVE-2026-30964
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowedorigins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...
CVE-2026-30964
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowedorigins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...
CLEANSTART-2026-DY37532 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Security vulnerability affects the cortex-fips package. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
Security Bulletin: A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-27086)
Summary A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation for authentication processing. This bulletin identifies the security fixes to apply to...
CVE-2019-20138
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's cryptopwhashstr is not used...