SUSE CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVE-2025-68158 Authlib: 1-click Account Takeover

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVE-2025-68158 Authlib: 1-click Account Takeover

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

PT-2025-54492

Name of the Vulnerable Software and Affected Versions Authlib versions 1.6.5 and prior Description Authlib is a Python library used for building OAuth and OpenID Connect servers. A flaw exists in cache-backed state/request-token storage where it is not linked to the user session. This allows for...

Sensitive Information Disclosure

github.com/rancher/rke is vulnerable to Sensitive Information Disclosure. The vulnerability exists due to insecure cluster state storage in a publicly accessible configmap called full-cluster-state inside the kube-system namespace, which allows an attacker without administrative privileges to...

PT-2024-21050 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions 1.14 through 1.14.6 Description: The issue affects Cilium users who are using CRDs to store Cilium state and Wireguard transparent encryption. Traffic to and from the Ingress and health endpoints is not encrypted. This issue...

Privilege Escalation

kOps is vulnerable to Privilege Escalation. The vulnerability is caused when running kOps with the GCP Provider in Gossip Mode, where Node service account credentials could be used by a container running in the cluster to retrieve sensitive information from the state storage bucket and escalate t...

Intel Memory Bug Poses Risk for Hundreds of Products

Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of products. According to an advisory issued by the company on Tuesday, the bug is firmware-based and rated as “high” risk with a Common Vulnerability Scoring System CVSS score of 7. The vulnerability...

BootStomp - A Bootloader Vulnerability Finder

BootStomp is a boot-loader bug finder. It looks for two different class of bugs: memory corruption and state storage vulnerabilities. For more info please refer to the BootStomp paper at https://seclab.cs.ucsb.edu/academic/publishing/bootstomp-security-bootloaders-mobile-devices-2017 To run...

ASP.NET __VIEWSTATE crypto validation prone to replay attacks

Good morning, ASP.NET's extremely popular VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" including form fields, database views, etc, so that user-entered data automagically persists and is populated across newly rendered HTML, and...