14 matches found

NVD
added 2026/05/08 4:16 p.m. | 6 views

CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

CVSS 10 | EPSS 0.00022
Exploits 0 | References 2

OSV
added 2026/05/08 4:16 p.m. | 2 views

UBUNTU-CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

CVSS 10 | AI score 5.7 | EPSS 0.00022
Exploits 0 | References 5

ATTACKERKB
added 2026/05/08 3:14 p.m. | 3 views

CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

CVSS 10 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 3 | Affected Software 1

CVE
added 2026/05/08 3:14 p.m. | 11 views

CVE-2026-41070

OpenVPN OAuth2 plugin flaw exists in the experimental plugin mode: from v1.26.3 to before v1.27.3, clients that do not support WebAuth/SSO (e.g., Linux openvpn CLI) could be admitted even when authentication logic denied access. Root cause: in handleAuthUserPassVerify, ClientAuthDeny wrote "0" to...

CVSS 10 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 2

Snyk
added 2026/04/22 2:28 p.m. | 2 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in the handleAuthUserPassVerify process when deployed in experimental plugin mode. An attacker can gain unauthorized VPN access by connecting with a client that does not advertise WebAuth/SSO support, thereby...

CVSS 10 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 2

Cvelist
added 2026/01/13 12:0 a.m. | 16 views

CVE-2025-65783

An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...

EPSS 0.00118
Exploits 0 | References 3

CVE
added 2026/01/13 12:0 a.m. | 7 views

CVE-2025-65783

CVE-2025-65783: Hubert Hub v2.0 1.27.3 contains an arbitrary file upload flaw in /utils/uploadFile that allows an attacker to execute arbitrary code by uploading a crafted PDF. The description and connected Red Hat/NVD entries confirm the vulnerability type and impact (remote, no authentication, ...

CVSS 9.8 | AI score 7.5 | EPSS 0.00118
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2026/01/13 12:0 a.m. | 1 views

Hubert Hub security vulnerability

Hubert Hub is a digital management platform from Brazilian company Hubert. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from an arbitrary file upload in the /utils/uploadFile component, which could lead to an attacker executing arbitrary code by uploading a...

CVSS 9.8 | AI score 6 | EPSS 0.00118
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-29200

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.3 | EPSS 0.00135
Exploits 0 | References 4

SUSE CVE
added 2025/09/18 11:27 p.m. | 1 views

SUSE CVE-2025-8396

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation. This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 i.e., fixed in 1.26.3, 1.27.3,...

CVSS 6.9 | AI score 6.8 | EPSS 0.00135
Exploits 0 | References 2

Snyk
added 2025/09/15 2:47 p.m. | 0 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient bounds checking on the authorization header. An attacker can cause excessive memory allocation by sending specially crafted requests, potentially leading to servic...

CVSS 6.9 | AI score 6.6 | EPSS 0.00135
Exploits 0 | References 2

OSV
added 2023/10/10 2:15 p.m. | 3 views

AZL-35297 CVE-2023-44487 affecting package telegraf for versions less than 1.27.3-3

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 | AI score 7.1 | EPSS 0.944
Exploits 19 | References 1

RedHat Linux
added 2021/01/20 4:38 a.m. | 3 views

jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates

A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names...

CVSS 4.3 | AI score 5.8 | EPSS 0.00089
Exploits 0 | References 5

Metasploit
added 2017/04/29 12:29 p.m. | 30 views

MediaWiki SyntaxHighlight extension option injection vulnerability

This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki...

CVSS 9.8 | AI score 10 | EPSS 0.58351
Exploits 5