6 matches found
CVE-2026-33503
Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...
SUSE CVE-2025-54996
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management due to managing identity entity systems in root namespaces. An attacker can gain unauthorized access to the root policy by escalating privileges through the addition of arbitrary policies containing...
OpenBao Root Namespace Operator May Elevate Token Privileges
Impact Accounts with access to the highly-privileged identity entity system in the root namespace may increase their scope directly to the root policy. While the identity system always allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root...
US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID
For several years, Microsoft has been helping United States federal and state government groups, including military departments and civilian agencies, transition to a Zero Trust security model. Advanced features in Microsoft Entra ID have helped these organizations meet requirements to employ...
Infoblox NIOS Access Control Error Vulnerability
Infoblox NIOS is a system for managing and automating network devices and services from Infoblox, Inc. It is used to automate the configuration and management of networks and to ensure stable network operation. A security vulnerability exists in Infoblox NIOS version 8.6.4 and prior versions, whi...