17 matches found

EUVD
added 2026/02/27 9:22 p.m. · 4 views

EUVD-2026-8789

ZITADEL's truncated opaque tokens are still valid...

CVSS 4.3 · AI score 5.9 · EPSS 0.00142
Exploits 0 · References 6
OSV
added 2025/12/10 9:31 p.m. · 2 views

GHSA-WCGJ-F865-C7J7 Improper Request Caching Lookup in the Auth0 Next.js SDK

Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...

CVSS 5.4 · AI score 6.8 · EPSS 0.00172
Exploits 0 · References 4
CVE
added 2025/10/29 4:48 p.m. · 10 views

CVE-2025-62791

CVE-2025-62791 (Wazuh) : Prior to 4.11.0, DecodeCiscat() does not check the return value of cJSON_GetObjectItem(), allowing a NULL dereference when handling errors. A crafted agent message to the Wazuh manager can cause analysisd to crash and become unavailable. The issue is fixed in 4.11.0. Impa...

CVSS 7.5 · AI score 6.3 · EPSS 0.00279
Exploits 0 · References 1 · Affected Software 1
CVE
added 2025/10/29 4:44 p.m. · 11 views

CVE-2025-62789

CVE-2025-62789 affects Wazuh before 4.11.0. The fim_alert() path does not check the return value of ctime_r before calling strdup(), enabling a NULL pointer dereference that can crash analysisd when a compromised/malicious agent sends a crafted message to the Wazuh manager. Impact is denial of se...

CVSS 7.5 · AI score 6.3 · EPSS 0.0034
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2025/10/29 12:00 a.m. · 2 views

Wazuh Code Issue Vulnerability

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A code issue vulnerability exists in Wazuh versions prior to 4.11.0 that stems from not checking if timestring is...

CVSS 7.5 · AI score 6.8 · EPSS 0.0034
Exploits 1 · References 2
Positive Technologies
added 2025/10/29 12:00 a.m. · 2 views

PT-2025-44324

Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.11.0. Description: Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the fim_fetch_attributes_state implementation where it does not verify if time string is NULL before applying strle...

CVSS 7.5 · AI score 6.5 · EPSS 0.0034
Exploits 1 · References 6
Positive Technologies
added 2025/10/29 12:00 a.m. · 6 views

PT-2025-44322

Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.11.0. Description: Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the w_copy_event_for_log function where it references memory after it has been freed, initially allocated in OS...

CVSS 7.5 · AI score 6.5 · EPSS 0.0027
Exploits 1 · References 6
RedhatCVE
added 2025/10/06 3:17 p.m. · 6 views

CVE-2025-10692

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

CVSS 7.1 · AI score 7.4 · EPSS 0.00333
Exploits 0 · References 1
Cvelist
added 2025/10/03 8:35 p.m. · 8 views

CVE-2025-10696 OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list

OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party the target user, who can then view the...

CVSS 7.1 · EPSS 0.00199
Exploits 1 · References 2
EUVD
added 2025/10/03 8:30 p.m. · 2 views

EUVD-2025-32372

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

CVSS 7.1 · AI score 6.8 · EPSS 0.00333
Exploits 0 · References 3
Positive Technologies
added 2025/09/27 12:00 a.m. · 3 views

PT-2025-39698

Name of the Vulnerable Software and Affected Versions: Wazuh versions 3.8.0 through 4.10.9. Description: Wazuh, a platform for threat prevention, detection, and response, contains a heap buffer overflow in the wazuh-analysisd component. This issue occurs when parsing XML elements received from Windo...

CVSS 6.5 · AI score 7.2 · EPSS 0.00335
Exploits 1 · References 6
CNNVD
added 2025/06/12 12:00 a.m. · 2 views

vantage6 Security Feature Issue Vulnerability

vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security feature issue vulnerability exists in vantage6 versions prior to 4.11.0 that stems from insecure JWT key auto-generation, which could lead to key prediction...

CVSS 7.5 · AI score 6.3 · EPSS 0.0033
Exploits 0 · References 3
CNNVD
added 2024/06/10 12:00 a.m. · 1 view

Red Hat FreeIPA Access Control Error Vulnerability

Red Hat FreeIPA is a comprehensive security information management solution. An access control error vulnerability exists in FreeIPA version 4.11.0 that stems from a lack of granting, resulting in requests being accepted regardless of rule compliance...

CVSS 8.8 · AI score 6.6 · EPSS 0.00667
Exploits 0 · References 9
Positive Technologies
added 2024/06/10 12:00 a.m. · 3 views

PT-2024-21603 · Unknown +8 · Mit Kerberos +8

Name of the Vulnerable Software and Affected Versions: FreeIPA version 4.11.0. Description: A vulnerability was found in FreeIPA related to the initial implementation of MS-SFU by MIT Kerberos, which was missing a condition for granting the "forwardable" flag on S4U2Self tickets. This issue...

CVSS 9 · AI score 6.7 · EPSS 0.01938
Exploits 1 · References 50
PyPA
added 2023/12/22 9:15 p.m. · 5 views

PYSEC-2023-249

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of gradio prior to 4.11.0 contained a vulnerability in the /file route which made them susceptible to file traversal...

CVSS 7.5 · AI score 6.9 · EPSS 0.0228
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2020/08/24 12:00 a.m. · 3 views

ALEOS stack overflow vulnerability (CNVD-2020-48628)

ALEOS is an integrated development environment for building customized embedded M2M applications. A stack overflow vulnerability exists in the AT Command API in ALEOS versions prior to 4.11.0, which can be exploited by an attacker to execute code...

CVSS 6.7 · AI score 7.5 · EPSS 0.00436
Exploits 0 · References 1
OSV
added 2020/08/21 7:15 p.m. · 2 views

CVE-2019-11853

Several potential command injection vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4...

CVSS 7.2 · AI score 7.1 · EPSS 0.01249
Exploits 0 · References 1