13 matches found
EUVD-2026-28281
Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...
Incorrect Authorization
Overview: @better-auth/oauth-provider is an OAuth provider plugin for Better Auth. Affected versions of this package are vulnerable to Incorrect Authorization via the createOAuthClientEndpoint endpoint. An attacker can gain unauthorized access to register OAuth clients by bypassing the intended...
PT-2026-6519
terraform-provider-proxmox has insecure sudo recommendation in the documentation in github.com/bpg/terraform-provider-proxmox...
EUVD-2019-1152
Malware in sbrugna...
EUVD-2019-4038
Malware in sbrugna...
EUVD-2018-6868
Malware in sbrugna...
EUVD-2022-47495
Malicious code in bioql PyPI...
CVE-2025-23046
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...
GHSA-36H8-R92J-W9VW The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass
Description: Authentication using SPID and CIE is based on the SAML2 standard, which provides for two entities: Identity Provider (IdP): the system that authenticates users and provides identity information (SAML assertions) to the Service Provider; essentially, it is responsible for managing user...
CVE-2022-46172 authentik allows existing authenticated users to create arbitrary accounts
authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable...
PT-2022-27238 · Hiview · Hiview
Name of the Vulnerable Software and Affected Versions: HiView module affected versions not specified Description: The HiView module has a vulnerability where it fails to filter out third-party apps when invoking the system provider. This could lead to third-party apps starting periodically if the...
PT-2022-14478 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a missing permission check in the SettingsProvider, allowing potential reading or modification of the default ringtone. This could result in local escalation of privilege without...
PT-2008-5010 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java versions prior to the fixed version on Mac OS X 10.4.11, 10.5.4, and 10.5.5 Description: The issue is related to an error checking problem in the Hash-based Message Authentication Code (HMAC) provider in Java, which uses an uninitialized...