108 matches found
Auth.js SDK has Improper Permission Checking
Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...
com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22013 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22013 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...
com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-34268 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-34268 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...
@tetherto/wdk-protocol-swap-velora-evm (=1.0.0-beta.4), @velora-dex/widget (>=0.2.0 <=0.6.0) potentially affected by unknown CVE via @velora-dex/sdk (>=9.0.0 <=9.4.1-dev.2)
@velora-dex/sdk NPM version =9.0.0, =0.2.0, =0.6.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2510...
Session Hijacking
MCP Ruby SDK is vulnerable to Session Hijacking. The vulnerability is due to insufficient session binding, where an attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data...
CVE-2026-32322
Summary: The Soroban SDK (Rust) Fr scalar field types for BN254 and BLS12-381 were vulnerable prior to 22.0.11, 23.5.3, and 25.3.0 because equality comparisons used raw U256 values without reducing modulo the field modulus r. This could cause mathematically equal field elements to compare as une...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service (CVE-2026-0621)
Summary Node.js module @modelcontextprotocol/sdk is found in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address th...
GHSA-VJPQ-XX5G-QVMM BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability
BRC-104 Authentication Signature Data Preparation Vulnerability Summary A critical cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potentia...
PT-2026-7854
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, which...
CVE-2026-21352
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2021-33107
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure vi...
CVE-2020-7082
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it...
CVE-2023-49283
microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at...
aws-sg-cleanup (>=0.1.0 <=0.1.3), cargo-lambda (>=0.7.0 <=0.12.0) +5 more potentially affected by unknown CVE via aws-sdk-lambda (>=0.10.1 <=0.9.0)
aws-sdk-lambda CARGO version =0.10.1, =0.1.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =1.3.0, =1.7.3 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
@zapier/zapier-sdk-cli (>=0.0.2 <=0.15.14), @zapier/zapier-sdk-mcp (>=0.3.7 <=0.3.39) potentially affected by unknown CVE via @zapier/zapier-sdk (>=0.0.2 <=0.15.4)
@zapier/zapier-sdk NPM version =0.0.2, =0.0.2, =0.3.7, =0.3.39 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190648...
CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
...
EUVD-2020-18149
Malware in sbrugna...
EUVD-2020-7519
Malware in sbrugna...
EUVD-2012-4276
Malware in sbrugna...
EUVD-2015-5388
Malware in sbrugna...