CVE-2026-46359
phpMyFAQ before 4.1.2 contains a SQL injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...
CVE-2026-42151
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...
org.jenkins-ci.plugins:azure-ad (>=378.380.v545b_1154b_3fb_ <=457.vf85d61f83b_26), org.openshift.jenkins:openshift-login (>=1.1.0.227.v27e08dfb_1a_20 <=1.1.0.248.v1908df5c4f5e) potentially affected by CVE-2026-42521 via org.jenkins-ci.plugins:matrix-auth (>=3.1.10 <=3.2.1)
org.jenkins-ci.plugins:matrix-auth MAVEN version =3.1.10, =378.380.v545b1154b3fb, =1.1.0.227.v27e08dfb1a20, =1.1.0.248.v1908df5c4f5e Source cves: CVE-2026-42521 Source advisory: OSV:GHSA-JP9R-MMHW-VFF3...
KLA90924 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure IOT...
CVE-2026-23518
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...
MiracleLinux 8 : grafana-9.2.10-7.el8.ML.1 (AXSA:2023-7309:12)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-7309:12 advisory. grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 Tenable has extracted the preceding description block directly from the MiracleLin...
EUVD-2017-17562
Malware in sbrugna...
EUVD-2022-5435
Malicious code in bioql PyPI...
EUVD-2022-5736
Malicious code in bioql PyPI...
EUVD-2024-44303
Malicious code in bioql PyPI...
EUVD-2023-2522
Malicious code in bioql PyPI...
EUVD-2023-26781
Malicious code in bioql PyPI...
EUVD-2023-1845
Malicious code in bioql PyPI...
EUVD-2023-0418
Malicious code in bioql PyPI...
EUVD-2022-4336
Malicious code in bioql PyPI...
TencentOS Server 3: grafana (TSSA-2023:0286)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0286 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2023-41935
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b1154b3fb, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce...
CVE-2023-24426
Jenkins Azure AD Plugin 303.va91ef20ee49f and earlier does not invalidate the previous session on login...
CVE-2021-21679
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...