14 matches found
EUVD-2025-10551
Malicious code in bioql PyPI...
CVE-2025-32016
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Impact What kind of vulnerability is it? Who is impacted? Description: This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the...
CVE-2025-32016
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
CVE-2025-32016
This CVE affects Microsoft Identity Web (and related Microsoft.Identity.Abstractions) used with ASP.NET Core for Azure AD v2.0 / AAD B2C integrations. Under certain conditions, service logs can expose sensitive credentials, including local file paths with passwords, Base64-encoded values, and Cli...
CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
Microsoft Identity Web 日志信息泄露漏洞
Microsoft Identity Web is an Azure Active Directory open source to help create protected web applications and web APIs using the Microsoft Identity Platform and Azure AD B2C. A log information disclosure vulnerability exists in Microsoft Identity Web, which stems from the fact that sensitive...
PT-2025-15702 · Microsoft · Microsoft.Identity.Abstractions +1
Name of the Vulnerable Software and Affected Versions: Microsoft Identity Web versions prior to 3.8.2 Microsoft Identity Web versions prior to 3.8.2 is equivalent to Microsoft.Identity.Abstractions versions prior to 9.0.0, however the correct representation is: Microsoft Identity Web versions pri...
MAL-2024-2502 Malicious code in identity-web (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in identity-web (npm)
--- -= Per source details. Do not edit below this line.=-...
PT-2023-20741 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the SearchStudentsStaff method, allowing unauthenticated attackers to extract sensitive student and teacher data. Recommendations: For...
CVE-2022-23718
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the...