
1215 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-2172

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.00157
Exploits 0 | References 4
RedhatCVE
added 2025/09/30 12:45 a.m. | 3 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA e.g. after the 7-day enforcement window, the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

AI score 6.8 | EPSS 0.00067
Exploits 0 | References 1
NVD
added 2025/09/29 3:16 p.m. | 1 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA e.g. after the 7-day enforcement window, the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

CVSS 8.2 | EPSS 0.00067
Exploits 0 | References 3
CVE
added 2025/09/29 12:0 a.m. | 9 views

CVE-2025-56449

Obsidian Scheduler REST API 5.0.0–6.3.0 is affected. The root cause is that accounts locked out due to MFA enforcement can still authenticate via Basic Authentication for administrative actions, allowing creation of a new privileged user and bypassing MFA protections. The issue affects the REST A...

CVSS 8.2 | AI score 6.4 | EPSS 0.00067
Exploits 0 | References 3
Vulnrichment
added 2025/09/29 12:0 a.m. | 1 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA e.g. after the 7-day enforcement window, the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

AI score 6.4 | EPSS 0.00067
Exploits 0 | References 3
Positive Technologies
added 2025/09/29 12:0 a.m. | 1 views

PT-2025-39827

Name of the Vulnerable Software and Affected Versions Obsidian Scheduler versions 5.0.0 through 6.3.0 Description A security issue exists in the Obsidian Scheduler REST API. If an account is locked out due to not enrolling in Multi-Factor Authentication MFA, the REST API continues to permit the u...

CVSS 8.2 | AI score 6.7 | EPSS 0.00067
Exploits 0 | References 6
Cvelist
added 2025/09/29 12:0 a.m. | 5 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA e.g. after the 7-day enforcement window, the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

EPSS 0.00067
Exploits 0 | References 3
CNNVD
added 2025/09/29 12:0 a.m. | 1 views

Obsidian Scheduler security vulnerability

Obsidian Scheduler is an enterprise-level task scheduler from Obsidian USA. A security vulnerability exists in Obsidian Scheduler versions 5.0.0 through 6.3.0, which stems from an account lockout that still allows authentication via Basic Authentication, which could lead to bypassing MFA...

CVSS 8.2 | AI score 6.9 | EPSS 0.00067
Exploits 0 | References 4
OSV
added 2025/09/24 7:21 p.m. | 4 views

GO-2025-3972 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly...

CVSS 6.9 | AI score 7.1 | EPSS 0.0015
Exploits 0 | References 3
Fedora
added 2025/09/23 12:16 a.m. | 5 views

[SECURITY] Fedora 43 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc43

This module lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported...

CVSS 8.6 | AI score 7.2 | EPSS 0.00184
Exploits 0
Gitee
added 2025/09/22 1:2 a.m. | 150 views

security-guide-for-developers

This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...

AI score 6.7
Exploits 0
Github Security Blog
added 2025/09/17 8:2 p.m. | 5 views

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

Impact The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison...

CVSS 6.9 | AI score 7.1 | EPSS 0.0015
Exploits 0 | References 5 | Affected Software 2
GitLab Advisory Database
added 2025/09/17 12:0 a.m. | 6 views

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’...

CVSS 6.9 | AI score 7.1 | EPSS 0.0015
Exploits 0 | References 6 | Affected Software 1
Tenable Nessus
added 2025/09/17 12:0 a.m. | 2 views

SUSE SLES15 / openSUSE 15 Security Update : rabbitmq-server313 (SUSE-SU-2025:03234-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03234-1 advisory. - CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request bsc1245105 - Fixed bad logrotate configuration...

CVSS 6.7 | AI score 5.5 | EPSS 0.00062
Exploits 1 | References 5
Tenable Nessus
added 2025/09/12 12:0 a.m. | 1 views

SUSE SLES12 Security Update : cups (SUSE-SU-2025:03178-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03178-1 advisory. - CVE-2025-58060: no password check when AuthType is set to anything but Basic and a request is made with an Authorization: Basic header...

CVSS 8 | AI score 7.5 | EPSS 0.00166
Exploits 2 | References 7
OSV
added 2025/09/11 6:15 p.m. | 1 views

ALPINE-CVE-2025-58060

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...

CVSS 8 | AI score 7 | EPSS 0.00053
Exploits 1 | References 1
OSV
added 2025/09/11 6:15 p.m. | 1 views

AZL-67269 CVE-2025-58060 affecting package cups for versions less than 2.3.3op2-10

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...

CVSS 8 | AI score 7.1 | EPSS 0.00053
Exploits 1 | References 1
Cvelist
added 2025/09/11 5:6 p.m. | 6 views

CVE-2025-58060 cups has Authentication bypass with AuthType Negotiate

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...

CVSS 8 | EPSS 0.00053
Exploits 1 | References 2
SUSE Linux
added 2025/09/11 4:6 p.m. | 2 views

Security update for cups

This update for cups fixes the following issues: CVE-2025-58060: no password check when AuthType is set to anything but Basic and a request is made with an Authorization: Basic header bsc1249049. CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer...

CVSS 7.7 | AI score 7.1 | EPSS 0.00166
Exploits 2 | References 8
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2011-0160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might...

CVSS 5 | AI score 5.4 | EPSS 0.00423
Exploits 0 | References 2