65 matches found
EUVD-2018-1699
Malware in sbrugna...
EUVD-2023-40679
Malicious code in bioql PyPI...
EUVD-2025-10551
Malicious code in bioql PyPI...
Modernize your identity defense with Microsoft Identity Threat Detection and Response
In today’s fast-evolving landscape, where businesses balance on-premises systems and cloud resources, identity-based cyberthreats are growing more frequent and sophisticated. The question isn’t whether an identity attack will occur—but when. The numbers are staggering: In 2024 Microsoft saw an...
TencentOS Server 4: dotnet6.0 (TSSA-2024:0467)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0467 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: dotnet7.0 (TSSA-2024:0679)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0679 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-32016
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
Insertion of Sensitive Information into Log File
Overview Microsoft.Identity.Abstractions is a package containing interfaces and POCO classes used in the Microsoft .NET authentication libraries Microsoft.IdentityModel, MSAL.NET and Microsoft.Identity.Web. Affected versions of this package are vulnerable to Insertion of Sensitive Information int...
Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Impact What kind of vulnerability is it? Who is impacted? Description: This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the...
CVE-2025-32016
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
CVE-2025-32016
This CVE affects Microsoft Identity Web (and related Microsoft.Identity.Abstractions) used with ASP.NET Core for Azure AD v2.0 / AAD B2C integrations. Under certain conditions, service logs can expose sensitive credentials, including local file paths with passwords, Base64-encoded values, and Cli...
CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
Microsoft Identity Web 日志信息泄露漏洞
Microsoft Identity Web is an Azure Active Directory open source to help create protected web applications and web APIs using the Microsoft Identity Platform and Azure AD B2C. A log information disclosure vulnerability exists in Microsoft Identity Web, which stems from the fact that sensitive...
PT-2025-15702 · Microsoft · Microsoft.Identity.Abstractions +1
Name of the Vulnerable Software and Affected Versions: Microsoft Identity Web versions prior to 3.8.2 Microsoft Identity Web versions prior to 3.8.2 is equivalent to Microsoft.Identity.Abstractions versions prior to 9.0.0, however the correct representation is: Microsoft Identity Web versions pri...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync function method, which does not verify the identity of the calling TUser, allowing an attacker to escalate privileges to that of another user. Remediation Upgrade...
Denial Of Service (DoS)
microsoft.identity.client is vulnerable to Denial of Service. The vulnerability is due to an incorrect activity export configuration, allowing a malicious application on the same Android device to interfere with the authentication processes. This vulnerability is only exploitable to applications...
Improper Export of Android Application Components
Overview Affected versions of this package are vulnerable to Improper Export of Android Application Components in AuthenticationAgentActivity.cs, which can allow denial of service to applications on the same device using MSAL.NET for authentication. A malicious application installed by the victim...
BIT-DOTNET-2024-21319 Microsoft Identity Denial of service vulnerability
Microsoft Identity Denial of service vulnerability...