431 matches found
CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
The vulnerability of the PAM-PKCS#11 authentication module in Linux operating systems allows a hacker to bypass the authentication process.
The vulnerability of the PAM-PKCS11 authentication module in Linux operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to bypass the authentication process remotely...
CLSA-2025-1753206847 pam: Fix of CVE-2025-6020
CVE-2025-6020: privilege elevation to root via multiple symlink attacks and race conditions - Perform regression testing...
Authen::SASL::Perl::DIGEST_MD5 security vulnerability
Authen::SASL::Perl::DIGEST_MD5 is a module in the Perl language from the Perl community. A security vulnerability exists in Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 and earlier, which stems from insecure cnonce generation...
OESA-2025-1746 pam security update
PAM (Pluggable Authentication Modules) is a system of libraries that handle the authentication tasks of applications (services) on the system. Security Fixes: Linux-pam is a plug-in and unplugged system authentication software for Linux teams. There is a security vulnerability in Linux-pam. This...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
Security update for pam
This update for pam fixes the following issues: CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path. And keep the bind-mount protection from protect_mount as a defense in depth measure. (bsc#1244509) Patch...
TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2025:0320)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0320 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Salt's salt.auth.pki module does not properly authenticate callers
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...
CVE-2025-29627
An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module...
PT-2025-24541 · Unknown · Keeperchat
Name of the Vulnerable Software and Affected Versions: KeeperChat IOS Application version 5.8.8 Description: An issue in the KeeperChat IOS Application allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module. Recommendations: For KeeperChat IOS...
CVE-2025-29627
CVE-2025-29627 affects KeeperChat iOS App, v5.8.8, with a vulnerability in the Biometric Authentication Module that could allow a physically proximate attacker to escalate privileges. The public records describe the affected component as KeeperChat IOS Application and point to privilege escalatio...
CVE-2024-45586
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
CVE-2024-48953
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access...
MAL-2025-4311 Malicious code in client-authentication-module (npm)
Source: ghsa-malware (b0d83929fbddd1bff9fe89b82702a66c79d3e1f6f0fe19baa7379b58472005ad). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-23055
ANCOM WLAN Controller Wireless Series & Hotspot WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters...
CVE-2015-8082
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...