CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout

Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...

CVE-2022-29214 URL Redirection to Untrusted Site ('Open Redirect') in next-auth

NextAuth.js next-auth is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers...

Possible issue with Cisco on-line help?

Hello! We came across a curious behavior on a number of Cisco routers, tied to the way the on-line help system presents options. It seems that, even though a regular non-"enabled" user should not be able to see the access- lists or other security-related information in the router, one can do just...

cisco-ios-DoS.alert.txt

Date: Mon, 11 Jan 1999 16:00:56 -0000 From: [email protected] Reply-To: [email protected] To: [email protected] Subject: Cisco Security Notice: Cisco IOS Syslog Crash -----BEGIN PGP SIGNED MESSAGE----- Field Notice: Cisco IOS Syslog Crash...