Lucene search
K

8 matches found

OSV
OSV
added 2026/05/26 12:3 a.m.19 views

MAL-2026-4777 Malicious code in xct-x-ayoub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33575d7ebb1fa670ce8a2f633471492b04319daffe0f1e10dd35841cf2709af On import XcTxAyOuB, the package's top-level init.py unconditionally starts a Flask HTTP server bound to 0.0.0.0:5000 configurable via PORT exposing...

5.8AI score
Exploits0References1
OSV
OSV
added 2025/12/15 2:15 p.m.8 views

UBUNTU-CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.26 views

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

0.00141EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/15 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-65431

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:13 a.m.23 views

BIT-GITLAB-2022-4037

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth...

8.5CVSS6.8AI score0.00639EPSS
Exploits0References4
Talos Blog
Talos Blog
added 2023/06/06 12:1 p.m.12 views

Adversaries increasingly using vendor and contractor accounts to infiltrate networks

Cisco Talos Incident Response Talos IR has repeatedly observed attackers targeting and using compromised vendor and contractor accounts VCAs during recent emergency response engagements. While high-profile software supply chain compromise events garner significant media attention e.g., the recent...

7.2AI score
Exploits0
Prion
Prion
added 2023/01/12 4:15 a.m.20 views

Race condition

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth...

4.6CVSS8.1AI score0.00639EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.28 views

CVE-2022-4037

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth...

6.4CVSS8.4AI score0.00639EPSS
Exploits0References3
Rows per page
Query Builder