CVE-2026-33668

Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV...

Amazon Linux AMI : php-ZendFramework (ALAS-2014-377)

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...

CVE-2014-2685

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...

DEBIAN-CVE-2013-1812

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service CPU consumption via 1 a large XRDS document or 2 an XML Entity Expansion XEE attack...

[SECURITY] Fedora 18 Update: php-pear-Auth-OpenID-2.2.2-7.fc18

An implementation of the OpenID single sign-on authentication protocol...

[BSA-023] Security Update for drupal6

Gerfried Fuchs uploaded new packages for drupal6 which fixed the following security problems: CVE-2010-2250 A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites n...