13 matches found
Authentication Bypass Using an Alternate Path or Channel
Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SCIM API when URL-encoded path values are used. An attacker can access sensitive user information, including names, email addresses, phone numbers, addresses, external IDs,...
CVE-2026-32132
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow ...
CVE-2026-32132
CVE-2026-32132 (ZITADEL) affects Zitadel identity management platform prior to versions 3.4.8 and 4.12.2. The vulnerability lies in the passkey registration endpoint, where an improper expiration check of a retrieved code could allow an attacker to register their own passkey and gain access to th...
CVE-2026-32130
Zitadel SCIM API vulnerability CVE-2026-32130 affects versions 2.68.0 up to before 3.4.8 and 4.12.2. Requesting the API with URL-encoded path values could bypass authentication and authorization checks, allowing unauthenticated attackers to retrieve sensitive user data (names, emails, phone numbe...
ZITADEL Security Vulnerability
ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. ZITADEL versions from 2.68.0 before 3.4.8, and 4.x versions before 4.12.2, have a security vulnerability. The vulnerability stems from improper handling of URL-encoded path values by the SCIM API...
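The two SCIM entries above describe the same bug class (CWE-288): the authorization check matches the request path in one form while the router dispatches on another, so a percent-encoded or dot-segment path reaches a protected handler without ever being classified as protected. The Go program below is an added illustration of that class and is not Zitadel's code; the prefixes "/scim/v2/" and "/public/", and the function names, are assumptions made for the example. It contrasts a prefix match on the raw request path with one on a path that has been decoded once and cleaned, which is the form the router actually routes on.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// protectedPrefixes lists path prefixes whose handlers require an authenticated
// and authorized caller. The values are assumptions for this example.
var protectedPrefixes = []string{"/scim/v2/"}

// isProtectedRaw is the flawed pattern: it compares the raw, still-encoded
// request path byte-for-byte, so "/%73cim/v2/Users" (s encoded as %73) and
// "/public/%2e%2e/scim/v2/Users" (dot-segment traversal) are treated as public,
// while the router decodes them and dispatches to the SCIM handler anyway.
func isProtectedRaw(rawPath string) bool {
	for _, p := range protectedPrefixes {
		if strings.HasPrefix(rawPath, p) {
			return true
		}
	}
	return false
}

// normalizePath decodes the path exactly once (as the router does) and removes
// dot-segments, producing the form the dispatch decision is actually made on.
func normalizePath(rawPath string) (string, error) {
	decoded, err := url.PathUnescape(rawPath)
	if err != nil {
		return "", err
	}
	// Leading slash guarantees Clean cannot escape the root; Clean resolves "." and "..".
	return path.Clean("/" + decoded), nil
}

// isProtectedNormalized applies the same prefix rule to the normalized path and
// fails closed when the path cannot be decoded.
func isProtectedNormalized(rawPath string) bool {
	norm, err := normalizePath(rawPath)
	if err != nil {
		return true // malformed escape: treat as protected rather than public
	}
	for _, p := range protectedPrefixes {
		// path.Clean strips a trailing slash, so "/scim/v2" itself must match too.
		if norm == strings.TrimSuffix(p, "/") || strings.HasPrefix(norm, p) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed request paths; the first is the legitimate form.
	for _, raw := range []string{
		"/scim/v2/Users",
		"/%73cim/v2/Users",
		"/public/%2e%2e/scim/v2/Users",
		"/scim/v2/%zz",
	} {
		fmt.Printf("%-32s raw=%-5v normalized=%v\n", raw, isProtectedRaw(raw), isProtectedNormalized(raw))
	}
}
```

The durable fix is not to keep two parsers in agreement: perform the authorization decision on the route the router matched (or inside the handler itself), so the path string is interpreted exactly once and the encoded and decoded forms cannot disagree.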
PT-2026-21921
Name of the Vulnerable Software and Affected Versions: Hono versions 4.12.0 through 4.12.1. Description: Hono is a Web application framework that provides support for any JavaScript runtime. When using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo...
EUVD-2020-28396
Malware in sbrugna...
EUVD-2024-52235
Malicious code in bioql PyPI...
CVE-2024-54002
Dependency-Track suffers a timing-based user enumeration flaw in /api/v1/user/login for usernames known to the system (LDAP/OpenID Connect users are unaffected). This CVE identifies that a longer response time reveals valid usernames, with the issue fixed in Dependency-Track 4.12.2. Affected prod...
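The entry above turns on a structural property of the login handler: if the expensive password-hash comparison runs only when the username exists, the response time itself leaks whether the name is valid. The Go program below is an added illustration of that flaw and its standard fix (always run the hash comparison, against a dummy record when the user is unknown); it is not Dependency-Track's code. The iterated-SHA-256 "slow hash", the user table and the returned work counter are all constructed for the example; the counter stands in for wall-clock time so the difference can be checked deterministically.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// workFactor iterations of SHA-256 stand in for a real slow password hash
// (bcrypt, scrypt, Argon2). Constructed for the example.
const workFactor = 20000

// slowHash is the deliberately expensive step whose presence or absence an
// attacker can time.
func slowHash(password, salt string) []byte {
	h := []byte(salt + password)
	for i := 0; i < workFactor; i++ {
		s := sha256.Sum256(h)
		h = s[:]
	}
	return h
}

type record struct {
	salt string
	hash []byte
}

// users is a constructed in-memory credential store.
var users = map[string]record{
	"alice": {salt: "salt-alice", hash: slowHash("correct horse", "salt-alice")},
}

// dummy is a pre-computed record used for unknown usernames so the unknown
// path performs the same amount of hashing work as the known path.
var dummy = record{salt: "salt-dummy", hash: slowHash("not-a-real-password", "salt-dummy")}

// loginEarlyExit is the vulnerable shape: an unknown username returns before
// any hashing, so its response is measurably faster. hashOps reports how many
// slow hashes ran (0 or 1), a proxy for the observable timing.
func loginEarlyExit(username, password string) (ok bool, hashOps int) {
	u, found := users[username]
	if !found {
		return false, 0
	}
	return subtle.ConstantTimeCompare(slowHash(password, u.salt), u.hash) == 1, 1
}

// loginConstantWork is the hardened shape: both paths run exactly one slow
// hash, and the final result is gated on the record actually existing so the
// dummy hash can never authenticate anyone.
func loginConstantWork(username, password string) (ok bool, hashOps int) {
	u, found := users[username]
	if !found {
		u = dummy
	}
	match := subtle.ConstantTimeCompare(slowHash(password, u.salt), u.hash) == 1
	return match && found, 1
}

func main() {
	for _, c := range []struct{ user, pass string }{
		{"alice", "correct horse"}, {"alice", "wrong"}, {"nobody", "wrong"},
	} {
		ok1, ops1 := loginEarlyExit(c.user, c.pass)
		ok2, ops2 := loginConstantWork(c.user, c.pass)
		fmt.Printf("%-7s early-exit ok=%-5v hashes=%d | constant-work ok=%-5v hashes=%d\n",
			c.user, ok1, ops1, ok2, ops2)
	}
}
```

Equalizing the hash work removes the large timing signal; remaining small differences (map lookup, database round trip) are a separate concern and are usually addressed by rate limiting and generic error messages rather than by further code-path balancing.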
CVE-2024-52293
Craft CMS prior to 4.12.2 and 5.4.3 is vulnerable due to missing normalizePath in FileHelper::absolutePath, enabling potential Remote Code Execution via Twig SSTI. This is a sequel to CVE-2023-40035. The issue is fixed in Craft 4.12.2 and 5.4.3. Affected versions should upgrade to the specified f...
McAfee Advanced Threat Defense Information Disclosure Vulnerability
McAfee Advanced Threat Defense (ATD) is a set of threat detection and defense solutions from the U.S. company McAfee, providing malware analysis, threat intelligence sharing and isolation of compromised systems. An information disclosure vulnerability exists in the web interface of McAfee...
Samba DoS Vulnerability (CVE-2020-10704)
Samba is prone to a denial of service vulnerability. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Samba DoS Vulnerability (CVE-2020-10700)
Samba is prone to a denial of service vulnerability. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...