
31 matches found

OSV · added 2026/05/27 8:16 p.m. · 5 views

DEBIAN-CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

CVSS 6.1 · AI score 5.8 · EPSS 0.0004 · Exploits 1 · References 1

PyPA · added 2026/05/27 8:16 p.m. · 5 views

PYSEC-2026-188

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

CVSS 6.1 · AI score 5.8 · EPSS 0.0004 · Exploits 1 · References 1 · Affected Software 1

NVD · added 2026/05/27 8:16 p.m. · 7 views

CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

CVSS 6.1 · EPSS 0.0004 · Exploits 1 · References 1

Snyk · added 2026/05/13 1:36 a.m. · 6 views

Incorrect Authorization

Overview: authlib is a library for building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Incorrect Authorization via the validate_authorization_request function. An attacker can cause the server to redirect users to arbitrary URLs by submitting a crafted...

CVSS 6.1 · AI score 5.9 · EPSS 0.0004 · Exploits 1 · References 3

Fedora · added 2025/12/25 1:8 a.m. · 6 views

[SECURITY] Fedora 42 Update: roundcubemail-1.6.12-1.fc42

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 7.5 · AI score 7 · EPSS 0.06858 · Exploits 1

Fedora · added 2025/12/25 12:53 a.m. · 7 views

[SECURITY] Fedora 43 Update: roundcubemail-1.6.12-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 7.5 · AI score 7 · EPSS 0.06858 · Exploits 1

EUVD · added 2025/12/18 6:30 a.m. · 2 views

EUVD-2025-204035

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document...

CVSS 7.2 · AI score 6 · EPSS 0.06858 · Exploits 1 · References 3

OSV · added 2025/12/18 5:15 a.m. · 3 views

CVE-2025-68460

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...

CVSS 7.5 · AI score 6.2 · Exploits 0 · References 2

CNNVD · added 2025/12/18 12:0 a.m. · 6 views

Roundcube Webmail Cross-Site Scripting Vulnerability

Roundcube Webmail is an open source browser-based IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.5.12 and 1.6.12 prior to 1.6.12, which...

CVSS 7.2 · AI score 5.7 · EPSS 0.06858 · Exploits 1 · References 2

CNNVD · added 2025/12/18 12:0 a.m. · 1 views

Roundcube Webmail Security Vulnerability

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.5.12 and 1.6.12 and prior to 1.6.12, which stems fro...

CVSS 7.5 · AI score 6 · EPSS 0.00041 · Exploits 0 · References 2

Tenable Nessus · added 2025/12/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer. CVE-2025-68460 Note that...

CVSS 7.5 · AI score 5.8 · EPSS 0.00041 · Exploits 0 · References 2

NVD · added 2025/08/15 9:15 a.m. · 3 views

CVE-2025-7778

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 9.8 · EPSS 0.00501 · Exploits 0 · References 3

CVE · added 2025/08/15 8:25 a.m. · 18 views

CVE-2025-7778

The CVE-2025-7778 entry concerns the Icons Factory WordPress plugin (versions up to and including 1.6.12). The vulnerability arises from missing authorization and improper path validation in delete_files(), enabling unauthenticated attackers to delete arbitrary server files (potentially including...

CVSS 9.8 · AI score 8.2 · EPSS 0.00501 · Exploits 0 · References 3

CNNVD · added 2025/08/15 12:0 a.m. · 1 views

WordPress plugin Icons Factory Authorization Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...

CVSS 9.8 · AI score 6.8 · EPSS 0.00501 · Exploits 0 · References 5

Positive Technologies · added 2025/08/15 12:0 a.m. · 3 views

PT-2025-33463 · WordPress · Icons Factory

Name of the Vulnerable Software and Affected Versions: Icons Factory plugin for WordPress versions up to and including 1.6.12. Description: The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the dele...

CVSS 9.8 · AI score 7.6 · EPSS 0.00501 · Exploits 0 · References 8

RedhatCVE · added 2025/05/22 11:32 a.m. · 6 views

CVE-2013-7275

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup...

CVSS 4.3 · AI score 5.9 · EPSS 0.0032 · Exploits 1 · References 1

Positive Technologies · added 2024/08/12 12:0 a.m. · 3 views

PT-2024-29979 · Fish Shop · Syntax-Check

Name of the Vulnerable Software and Affected Versions: fish-shop/syntax-check versions prior to v1.6.12; fish-shop/syntax-check versions prior to v2.0.0. Description: The issue is related to improper neutralization of delimiters in the pattern input, specifically the command separator ; and command...

CVSS 6.9 · AI score 7.2 · EPSS 0.00849 · Exploits 0 · References 11

Cvelist · added 2023/11/30 5:20 a.m. · 7 views

CVE-2023-49087 Validation of SignedInfo

xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree the one that contain...

CVSS 6.8 · AI score 7.6 · EPSS 0.00205 · Exploits 1 · References 2

Positive Technologies · added 2023/11/27 12:0 a.m. · 4 views

PT-2023-8931 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: simplesamlphp/xml-security versions prior to 1.6.12; simplesamlphp/xml-security versions prior to 5.0.0-alpha.13. Description: The issue is related to insufficient validation of XML signatures, which could allow a remote attacker to forge SAML...

CVSS 7.5 · AI score 6.9 · EPSS 0.00205 · Exploits 1 · References 11

CBLMariner · added 2023/11/08 2:7 a.m. · 17 views

CVE-2023-43787 affecting package libX11 for versions less than 1.8.7-1

CVE-2023-43787 affecting package libX11 for versions less than 1.8.7-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.8 · AI score 7 · EPSS 0.00042 · Exploits 1