
80 matches found

Cvelist
added 2026/05/15 4:27 p.m. | 31 views

CVE-2026-41181 Traefik: Errors middleware forwards Authorization and Cookie headers to separate error page service

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

CVSS 6.9 | EPSS 0.00029
Exploits 1 | References 4

Snyk
added 2026/04/22 5:06 p.m. | 1 view

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the collaborator websocket feed, which broadcasts raw request headers, including sensitive authorization data, before access control is enforced. An attacker can gain unauthorized...

CVSS 8.8 | AI score 5.8 | EPSS 0.00095
Exploits 1 | References 2

RedhatCVE
added 2026/04/01 5:03 p.m. | 1 view

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

CVSS 8.4 | AI score 5.7 | EPSS 0.00023
Exploits 1 | References 1

CVE
added 2026/03/31 2:05 p.m. | 3 views

CVE-2026-34377

ZEBRA (Zcash node, Zebra) contains a consensus-failure vulnerability in its handling of V5 transactions. Before zebrad v4.3.0 and zebra-consensus v5.0.1, a logic error in the transaction verification cache could let a malicious miner craft a block with an invalid authorization data set but a matc...

CVSS 8.4 | AI score 5.7 | EPSS 0.00023
Exploits 1 | References 3 | Affected Software 2

ATTACKERKB
added 2026/03/31 2:05 p.m. | 0 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

CVSS 8.4 | AI score 5.7 | EPSS 0.00023
Exploits 1 | References 4 | Affected Software 2

Github Security Blog
added 2026/03/30 7:13 p.m. | 5 views

Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data. Summary: A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

CVSS 8.4 | AI score 5.9 | EPSS 0.00023
Exploits 1 | References 6 | Affected Software 2

OSV
added 2026/03/30 7:13 p.m. | 1 view

GHSA-3VMH-33XR-9CQH Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data. Summary: A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

CVSS 8.4 | AI score 5.9 | EPSS 0.00023
Exploits 1 | References 6

Zero Day Initiative
added 2026/03/30 12:00 a.m. | 1 view

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow. The specific flaw exists within the implementation of OAuth...

CVSS 5.3 | AI score 5.9 | EPSS 0.00075
Exploits 0 | References 1

Positive Technologies
added 2026/03/30 12:00 a.m. | 2 views

PT-2026-29168

CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data. Summary: A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

CVSS 8.4 | AI score 5.9 | EPSS 0.00023
Exploits 1 | References 8

CNNVD
added 2026/03/26 12:00 a.m. | 2 views

ClearanceKit Security Vulnerability

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 4.2.4 contained security vulnerabilities; these vulnerabilities stemmed from the failure to intercept events of type ES_EVENT_TYPE_AUTH_EXCHANGEDATA and ES_EVENT_TYPE_AUTH_CLONE, which...

CVSS 8.4 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 2

Snyk
added 2026/02/10 11:54 a.m. | 3 views

Improper Output Neutralization for Logs

Overview: io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTTP access logs with long pattern when the logging format is set to a verbos...

CVSS 5.1 | AI score 5.6 | EPSS 0.00006
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 10:33 a.m. | 7 views

CVE-2017-18883

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data...

CVSS 9.1 | AI score 7 | EPSS 0.00227
Exploits 0 | References 1

SUSE CVE
added 2025/12/17 2:19 a.m. | 3 views

SUSE CVE-2017-18883

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data...

CVSS 9.1 | AI score 7 | EPSS 0.00227
Exploits 0 | References 2

OSV
added 2025/12/08 9:31 p.m. | 2 views

GO-2025-4198 Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider in github.com/mattermost/mattermost-server

Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider in github.com/mattermost/mattermost-server...

CVSS 9.1 | AI score 6.9 | EPSS 0.00227
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-1351

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.01463
Exploits 0 | References 12

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-19638

Malware in sbrugna...

CVSS 4.6 | AI score 4.9 | EPSS 0.00024
Exploits 0 | References 2

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-24819

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.2 | EPSS 0.00194
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-2459

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.0016
Exploits 1 | References 5

Vulnrichment
added 2025/09/17 4:52 p.m. | 2 views

CVE-2025-35431 CISA Thorium LDAP injection

CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1...

CVSS 5.4 | AI score 6.5 | EPSS 0.00082
Exploits 0 | References 4

Positive Technologies
added 2025/09/17 12:00 a.m. | 2 views

PT-2025-38230

Name of the Vulnerable Software and Affected Versions: Thorium versions prior to 1.1.1. Description: Thorium does not escape user-controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data, such as group memberships. Recommendations: Update to...

CVSS 5.4 | AI score 6.5 | EPSS 0.00082
Exploits 0 | References 7