CVE-2026-32246

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session password verified, TOTP not yet completed to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain...

CVE-2026-32246

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session password verified, TOTP not yet completed to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain...

CVE-2026-32246

CVE-2026-32246 (Tinyauth) : Tinyauth authentication/authorization server before version 5.0.3 allows an attacker who knows a user’s password but not the TOTP secret to obtain an authorization code and valid OIDC tokens by abusing the OIDC authorization endpoint during a TOTP-pending session. This...

Missing Critical Step in Authentication

Overview Affected versions of this package are vulnerable to Missing Critical Step in Authentication via the OIDC authorize process. An attacker can gain unauthorized access to valid OIDC tokens by leveraging a session where only the password has been verified but the second authentication factor...

Missing Critical Step in Authentication

Overview Affected versions of this package are vulnerable to Missing Critical Step in Authentication via the OIDC authorize process. An attacker can gain unauthorized access to valid OIDC tokens by leveraging a session where only the password has been verified but the second authentication factor...

Malicious Package

Overview ignore-html-and-css-imports is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

Malicious code in collecters (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c17c6bb947662d942c27cdf7ca9572536ea97f7864070648eb417277cad2e71e Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

MAL-2026-1371 Malicious code in collecters (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c17c6bb947662d942c27cdf7ca9572536ea97f7864070648eb417277cad2e71e Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

PT-2026-25056

Name of the Vulnerable Software and Affected Versions Tinyauth versions prior to 5.0.3 Description Tinyauth is an authentication and authorization server. The OIDC authorization endpoint allows users with a TOTP-pending session password verified, TOTP not yet completed to obtain authorization...

UBUNTU-CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

UBUNTU-CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

SUSE CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

EUVD-2026-11138

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

EUVD-2026-11141

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

ALPINE-CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...