CVE-2026-43334
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response. smp_cmd_pairing_req() currently builds the pairing response from the initiator auth_req before enforcing the local BT_SECURITY_HIGH requirement. If th...
CVE-2026-43334
CVE-2026-43334 concerns the Linux kernel Bluetooth SMP pairing flow. The issue arises in smp_cmd_pairing_req() where the pairing response is built from the initiator auth_req before enforcing the local BT_SECURITY_HIGH, allowing the response to omit SMP_AUTH_MITM if the initiator did. Consequentl...
CVE-2026-20152
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...
CVE-2026-20152
Cisco Secure Web Appliance (AsyncOS) authentication service is affected by CVE-2026-20152. The issue stems from improper validation of user-supplied authentication input in HTTP requests, allowing an unauthenticated, remote attacker to bypass authentication policy requirements. According to the p...
curl: ignoring 'options' when doing connection reuse
libcurl contains a significant logic flaw in its connection pool matching mechanism. When a transfer specifies a required authentication policy, such as a specific SASL mechanism (e.g., ;AUTH=GSSAPI) or a restricted set of SSH authentication types (CURLOPT_SSH_AUTH_TYPES), libcurl fails to verify these...
EUVD-2026-18089
CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...
CVE-2026-34570
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend...
Airflow externalLogUrl Permission Bypass
1. Summary: The externalLogUrl endpoint in Airflow's FastAPI enforces only the weaker Task Instance access permission (TASK_INSTANCE) instead of the intended Task Logs permission (TASK_LOGS). As a result, low-privileged users who are not authorized to view task logs can still obtain external log access...
trustee security vulnerability
trustee is an open source component of Confidential Containers. A security vulnerability exists in trustee versions prior to 0.15.0, which stems from an attestation-policy endpoint that does not validate the identity of a kbs-client, which could result in an arbitrary kbs-client modifying the...
EUVD-2020-20444
Malware in sbrugna...
EUVD-2022-28658
Malicious code in bioql PyPI...
PT-2025-30439
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.4.4; authentik versions 2025.6.0-rc1 through 2025.6.3. Description: Deactivated users who registered through OAuth/SAML or linked their accounts to OAuth/SAML providers can retain partial access to the system...
[SECURITY] Fedora 41 Update: pam-1.6.1-8.fc41
PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
[SECURITY] Fedora 42 Update: pam-1.7.0-6.fc42
PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
CVE-2025-25207 Rhcl: authpolicy callbacks result in denial of service in authorino
The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...
CVE-2021-42000
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password...
CVE-2020-27951
This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation...