
5 matches found

NVD
added 2026/06/19 9:16 p.m., 9 views

CVE-2026-47203

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth, i.e. via the Authorization header with the Basic scheme on t...

CVSS 6.3, EPSS 0.00308
Exploits 0, References 2
OSV
added 2025/02/19 5:47 p.m., 9 views

GHSA-M5MF-3963-4X26 Authelia applies regulation separately to Username-based logins to Email-based logins

Summary: If users are allowed to sign in via both username and email, the regulation system treats these as separate login events. This leads to the regulation limitations being effectively doubled, assuming an attacker using brute-force to find a user password. It's important to note that due to th...

CVSS 2.3, AI score 6.8, EPSS 0.0035
Exploits 0, References 4
Github Security Blog
added 2025/02/19 5:47 p.m., 13 views

Authelia applies regulation separately to Username-based logins to Email-based logins

Summary: If users are allowed to sign in via both username and email, the regulation system treats these as separate login events. This leads to the regulation limitations being effectively doubled, assuming an attacker using brute-force to find a user password. It's important to note that due to th...

CVSS 2.3, AI score 7.2, EPSS 0.0035
Exploits 0, References 4, Affected Software 1
Cvelist
added 2021/10/26 2:45 p.m., 14 views

CVE-2021-41185 Download file outside intended directory

Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users...

CVSS 8.8, AI score 8.8, EPSS 0.01376
Exploits 0, References 4
CVE
added 2021/10/26 2:45 p.m., 62 views

CVE-2021-41185

CVE-2021-41185 affects Mycodo (environmental monitoring system) with a path traversal vulnerability in versions prior to 8.12.7. The issue arises from insufficient filtering of file paths, allowing a user with access to the endpoints to download files outside the intended directory. A fix was released in 8...

CVSS 8.8, AI score 6.7, EPSS 0.01376
Exploits 0, References 4, Affected Software 1