47 matches found

Snyk
added 4 days ago, 7 views

Incorrect Authorization

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Incorrect Authorization in the userapikeyauth.py file of the M2M JWT Handler. An attacker can gain unauthorized access to resources by exploiting insufficient authorization...

CVSS 7.5 | AI score 6 | EPSS 0.00186
Exploits: 1 | References: 2
CVE
added 4 days ago, 12 views

CVE-2026-12771

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

CVSS 7.5 | AI score 5.3 | EPSS 0.00186
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2026/04/18 9:00 p.m., 1 view

MINI-M2M4-H633-XWC2

Bulletin has no description...

CVSS 7.1 | AI score 5.6 | EPSS 0.00261
Exploits: 0
Snyk
added 2026/04/09 6:10 p.m., 1 view

Weak Authentication

Overview: Affected versions of this package are vulnerable to Weak Authentication due to improper validation of oauthuserid in the TokenGuard::authenticateViaBearerToken function. An attacker can gain unauthorized access to unrelated user accounts by presenting a machine-to-machine token with a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00289
Exploits: 1 | References: 2
ATTACKERKB
added 2026/04/09 4:50 p.m., 1 view

CVE-2026-39976

Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for clientcredentials tokens. The league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00289
Exploits: 1 | References: 6 | Affected Software: 1
HackRead
added 2026/03/30 4:18 p.m., 5 views

24/7 Payments for 24/7 Agents: The Case for Crypto in the Machine Economy

Crypto enables 24/7 payments for AI agents, replacing fiat limits with scalable machine-to-machine transactions and powering the emerging machine economy...

AI score 5.8
Exploits: 0
Fedora
added 2025/12/05 2:43 a.m., 9 views

[SECURITY] Fedora 42 Update: libcoap-4.3.5a-1.fc42

The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. libcoap implements a...

CVSS 9.8 | AI score 7 | EPSS 0.00415
Exploits: 0
Fedora
added 2025/12/05 2:11 a.m., 7 views

[SECURITY] Fedora 43 Update: libcoap-4.3.5a-1.fc43

The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. libcoap implements a...

CVSS 9.8 | AI score 7 | EPSS 0.00415
Exploits: 0
NVD
added 2025/11/12 11:15 a.m., 4 views

CVE-2025-40165

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release. If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

EPSS 0.00162
Exploits: 0 | References: 4
Cvelist
added 2025/11/12 10:26 a.m., 9 views

CVE-2025-40165 media: nxp: imx8-isi: m2m: Fix streaming cleanup on release

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release. If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

EPSS 0.00162
Exploits: 0 | References: 4
Debian CVE
added 2025/11/12 10:26 a.m., 5 views

CVE-2025-40165

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release. If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

AI score 5.2 | EPSS 0.00162
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-3417

Malware in sbrugna...

CVSS 7.5 | AI score 7.8 | EPSS 0.00761
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-0538

Malware in sbrugna...

CVSS 7.7 | AI score 7.5 | EPSS 0.01539
Exploits: 0 | References: 6
Fedora
added 2025/06/11 2:46 a.m., 7 views

[SECURITY] Fedora 42 Update: qt6-qtmqtt-6.9.1-1.fc42

MQTT is a machine-to-machine (M2M) protocol utilizing the publish-and-subscribe paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

CVSS 8.4 | AI score 7.3 | EPSS 0.00309
Exploits: 0
Tenable Nessus
added 2025/05/27 12:00 a.m., 26 views

ABB M2M Gateway HTTP Request Smuggling in embedded Bind (CVE-2021-25220)

BIND 9.11.0 - 9.11.36, 9.12.0 - 9.16.26, 9.17.0 - 9.18.0. BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1, 9.16.8-S1 - 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as th...

CVSS 6.8 | AI score 6.8 | EPSS 0.0325
Exploits: 0 | References: 13
RedhatCVE
added 2025/05/23 7:59 a.m., 11 views

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI)...

CVSS 8.6 | AI score 7.1 | EPSS 0.00726
Exploits: 1 | References: 1
Packet Storm News
added 2025/05/21 12:00 a.m., 3 views

Extensible Post Quantum Cryptography Based Authentication

Cryptography underpins the security of modern digital infrastructure, from cloud services to health data. However, many widely deployed systems will become vulnerable after the advent of scalable quantum computing. Although quantum-safe cryptographic primitives have been developed, such as...

AI score 7.1
Exploits: 0
Fedora
added 2025/03/18 12:16 a.m., 7 views

[SECURITY] Fedora 42 Update: mosquitto-2.0.21-1.fc42

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version v5 and 3.1.x. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

CVSS 7.5 | AI score 6.9 | EPSS 0.01107
Exploits: 0
The Hacker News
added 2024/09/19 5:34 p.m., 8 views

Wherever There's Ransomware, There's Service Account Compromise. Are You Protected?

Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role...

AI score 7.6
Exploits: 0
NVD
added 2024/05/03 6:15 p.m., 18 views

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI)...

CVSS 8.6 | AI score 6.7 | EPSS 0.00726
Exploits: 1 | References: 2