10 matches found
CVE-2026-41427
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...
PT-2026-35070
Name of the Vulnerable Software and Affected Versions Better Auth versions prior to 1.6.5 Description The OAuth client creation endpoints failed to invoke the hook associated with the clientPrivileges option before persisting new clients. Consequently, deployments intended to restrict client...
EUVD-2022-7246
Malicious code in bioql PyPI...
CVE-2025-6505
Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access. Whe...
MGASA-2025-0062 Updated perl-Net-OAuth, perl-Crypt-URandom & perl-Module-Build packages fix security vulnerability
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong. CVE-2025-22376...
GHSA-C34R-238X-F7QX Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...
PT-2023-5260 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 22.0.0 through 22.2.10.12 Nextcloud Server versions 23.0.0 through 23.0.12.7 Nextcloud Server versions 24.0.0 through 24.0.12.4 Nextcloud Server versions 25.0.0 through 25.0.8 Nextcloud Server versions 26.0.0 through...
Cloud Foundry denial of service vulnerability
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack...
Design/Logic Flaw
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack...