EUVD-2025-26494

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01...

EUVD-2025-26341

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass. This issue affects QR Menu: from s1.05.07 before v1.05.12...

EUVD-2025-26493

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01...

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-42588 – Apache ActiveMQ Jolokia Remote Code Execution...

SUSE CVE-2025-6004

Vault and Vault Enterprise's “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass

The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...

Flowise 1.6.5 - Authentication Bypass

The flowise version = 1.6.5 is vulnerable to authentication bypass vulnerability. id: CVE-2024-31621 info: name: Flowise 1.6.5 - Authentication Bypass author: DhiyaneshDK severity: high description: | The flowise version = 1.6.5 is vulnerable to authentication bypass vulnerability. impact: |...

Netgear-WN604 downloadFile.php - Information Disclosure

There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...

TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass

TOTOLINK EX1200T 4.1.2cu.5215 is susceptible to authentication bypass. An attacker can bypass login by sending a specific request through formLoginAuth.htm, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-42887 info:...

CVE-2026-48567

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network...

EUVD-2026-34935

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

EulerOS Virtualization 2.12.1 : kernel (EulerOS-SA-2026-2077)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : netfilter: ctnetlink: remove refcounting in expectation dumpersCVE-2025-39764 nvme: nvme-fc: Ensure -ioerrwork is cancelled in...

EulerOS Virtualization 2.13.1 : sssd (EulerOS-SA-2026-2152)

According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default...

EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2026-2097)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.libcur...

EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2161)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl,changing TLS options in one thread would inadvertently change th...

Debian dla-4619 : libtomcat9-embed-java - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4619 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4619-1 [email protected]...

PT-2026-47127

Name of the Vulnerable Software and Affected Versions MDJM Event Management plugin for WordPress versions prior to 1.7.8.4 Description The plugin allows arbitrary file upload because it does not perform validation on the file type, extension, or MIME type of uploaded files. This issue occurs with...

EulerOS Virtualization 2.12.1 : curl (EulerOS-SA-2026-2072)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.libcur...

CVE-2026-9719 LatePoint <= 5.6.0 - Cross-Site Request Forgery via invoices__change_status Action

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the changestatus function. This makes it possible for...

CVE-2026-46401

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...