6 matches found
OPENSUSE-SU-2026:20576-1 Security update for python-Flask-HTTPAuth
This update for python-Flask-HTTPAuth fixes the following issues: Changes in python-Flask-HTTPAuth: - CVE-2026-34531: Do not accept empty tokens bsc1261355...
Security update for python-Flask-HTTPAuth (moderate)
openSUSE Security Update: Security update for python-Flask-HTTPAuth Announcement ID: openSUSE-SU-2026:0122-1 Rating: moderate References: 1261355 Cross-References: CVE-2026-34531 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description:...
GHSA-P44Q-VQPR-4XMG Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
Summary: In a situation where the client makes a request to a token-protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any...
EUVD-2022-1143
Malicious code in bioql PyPI...
PT-2023-30775 · Unknown · Capsule-Proxy
Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.4.6 Description: The issue is a privilege escalation vulnerability based on a missing check if the user is authenticated based on the TokenReview result. This affects clusters running with the anonymous-auth...
Revive Adserver HTML_Quickform Library Security Bypass Vulnerability
Revive Adserver is an open source ad management system. The Revive Adserver HTML_Quickform library has a security vulnerability that allows remote attackers to use empty tokens to bypass the CSRF protection mechanism...