Tag
#auth
Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.
Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
### Impact When the PostgreSQL JDBC driver is configured with channel binding set to `required` (default value is `prefer`), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. ### Patches TBD ### Workarounds Configure `sslMode=verify-full` to prevent MITM attacks. ### References * https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256 * https://datatracker.ietf.org/doc/html/rfc7677 * https://datatracker.ietf.org/doc/html/rfc5802
INTERPOL disrupts 20,000 infostealer domains in major cybercrime crackdown across Asia-Pacific, 32 arrested, 216K victims notified in Operation Secure.
Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT /api/v4/ldap/groups/{remote_id}/link API when objectGUID is configured as the Group ID Attribute.
AppOmni research reveals over 20 security vulnerabilities, including zero-days, in the Salesforce Industry Cloud. Learn about critical risks, customer responsibilities, and how to protect sensitive data.
Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface," the U.S. Cybersecurity and Infrastructure