160805 matches found
CVE-2025-13392
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager DSM before 7.2.2-72806-5 and 7.3.1-86003-1 7.2.1-69057 is not affected allows remote attackers to bypass authentication with prior knowledge of the distinguished name DN...
CVE-2025-13392
Summary : CVE-2025-13392 affects Synology DiskStation Manager (DSM) via an improper check in the SSO authentication flow, enabling remote authentication bypass with knowledge of a DN. Affected versions : DSM before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected). Impact : local/remo...
CVE-2024-47267
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
...
Security update for postgresql14
This update for postgresql14 fixes the following issues Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against malicious time zone names...
CVE-2026-8903
The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...
CVE-2026-8994
The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...
CVE-2026-8760
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
CVE-2026-3279
The CVE concerns the Enable jQuery Migrate Helper plugin for WordPress. A missing capability check in the downgrade_jquery_version() function (present in all versions up to 1.4.1) allows authenticated attackers with Subscriber-level access or higher to downgrade the site-wide jQuery from 3.7.1 to...
CVE-2026-8994
The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...
CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter
The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...
CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter
The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...
CVE-2026-8994
The Login with NEAR plugin for WordPress up to version 0.3.3 is vulnerable to authentication bypass. The ajaxLoginWithNear() function, exposed as wp_ajax_nopriv, accepts an attacker-controlled account POST parameter and authenticates a user based solely on a substring check for .near, with no non...
EUVD-2026-32094
The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...
CVE-2026-8760 Login with OTP <= 1.6 - Unauthenticated Authentication Bypass via OTP Brute Force
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
CVE-2026-8760
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
EUVD-2026-32084
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
CVE-2026-8787
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...
CVE-2026-8787
The CVE applies to the WordPress plugin Firebase Support & Chat Management (up to version 3.1.1 ). The root cause is in the firebase_auth() function, which authenticates using the target WordPress user’s email supplied in the user_email POST parameter without verifying ownership or issuing a vali...
EUVD-2026-32079
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...