431 matches found

Vulnrichment
added 2026/03/05 7:10 a.m. | 3 views

CVE-2026-28536

Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

CVSS 9.6 | AI score 5.9 | EPSS 0.00183
Exploits: 0 | References: 3

CNNVD
added 2026/03/05 12:0 a.m. | 9 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in the Huawei HarmonyOS device authentication module, which can be exploited by an attacker to compromise...

CVSS 9.6 | AI score 5.8 | EPSS 0.00183
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/05 12:0 a.m. | 5 views

PT-2026-23411

Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

CVSS 9.6 | AI score 5.9 | EPSS 0.00183
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/03 1:37 p.m. | 3 views

CVE-2026-2584

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 1

NVD
added 2026/03/02 9:16 a.m. | 5 views

CVE-2026-2584

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | EPSS 0.00414
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/02 9:1 a.m. | 8 views

CVE-2026-2584

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/02 9:1 a.m. | 28 views

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | EPSS 0.00414
Exploits: 0 | References: 1

CVE
added 2026/03/02 9:1 a.m. | 50 views

CVE-2026-2584

CVE-2026-2584 describes a critical SQL injection in the authentication module of the Ciser System SL firmware. An unauthenticated, remote attacker can exploit the login interface by sending crafted SQL queries, with attack vector NETWORK and attack complexity LOW. The impact per metrics: total c...

CVSS 9.3 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/02 9:1 a.m. | 3 views

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-22571

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 2

Rosalinux
added 2026/02/16 10:56 a.m. | 8 views

Advisory ROSA-SA-2026-3179

Software: pam 1.3.1 OS: ROSA Virtualization 3.0 unaffected versions = pam-1.3.1-39.0.2.rv30 affected versions pam-1.3.1-39.0.2.rv30 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pam_namespace module of the Linux-PAM authentication module is caused by a...

CVSS 7.8 | AI score 7 | EPSS 0.0039
Exploits: 0

GithubExploit
added 2026/02/09 1:44 p.m. | 148 views

Exploit for Incorrect Authorization in Suse Pam-Config

https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt...

CVSS 7.8 | AI score 5.4 | EPSS 0.01301
Exploits: 19

OSV
added 2026/02/06 3:57 p.m. | 5 views

OESA-2026-1325 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a...

CVSS 8.6 | AI score 6.7 | EPSS 0.00557
Exploits: 0 | References: 3

OSV
added 2026/01/30 4:35 p.m. | 7 views

CLEANSTART-2026-AX77726 vulnerability was found in PAM

Multiple security vulnerabilities affect the gitlab-shell-fips package. A vulnerability was found in PAM. See references for individual vulnerability details...

CVSS 9.8 | AI score 8.5 | EPSS 0.00265
Exploits: 0 | References: 5

Cvelist
added 2026/01/16 12:0 a.m. | 21 views

CVE-2025-24531

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...

CVSS 6.7 | EPSS 0.00235
Exploits: 0 | References: 3

Debian CVE
added 2026/01/16 12:0 a.m. | 11 views

CVE-2025-31510

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...

CVSS 7.2 | AI score 5.3 | EPSS 0.00378
Exploits: 0

Snyk
added 2026/01/08 12:0 a.m. | 1 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the md4sum function of the NTLM authentication module. An attacker can execute arbitrary code with the privileges of the affected application. Remediation A fix was pushed into the master branch but not ye...

CVSS 8.8 | AI score 7 | EPSS 0.00557
Exploits: 0 | References: 2

OSV
added 2025/12/29 9:39 a.m. | 5 views

CLSA-2025-1767001153 pam: Fix of CVE-2025-8941

CVE-2025-8941: fix additionally potential privilege escalation via multiple symlink attacks and race conditions...

CVSS 7.8 | AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 1

Photon
added 2025/12/11 12:0 a.m. | 3 views

Important Photon OS Security Update - PHSA-2025-5.0-0710

Updates of 'Linux-PAM', 'httpd' packages of Photon OS have been released...

CVSS 7.8 | AI score 6.8 | EPSS 0.0039
Exploits: 0

Tenable Nessus
added 2025/11/25 12:0 a.m. | 2 views

RHEL 10 : pam (RHSA-2025:22019)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22019 advisory. Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle...

CVSS 7.8 | AI score 7.8 | EPSS 0.0039
Exploits: 0 | References: 4