25 matches found
CVE-2026-9798
A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication (CIBA) flow to bypass this...
Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
The fix for CVE-2026-31892 (commit 534f4ff) blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...
CVE-2026-33316
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user’s status to StatusActive after a successful password reset without...
PT-2026-23735
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 7.8.6; Rocket.Chat versions prior to 7.9.8; Rocket.Chat versions prior to 7.10.7; Rocket.Chat versions prior to 7.11.4; Rocket.Chat versions prior to 7.12.4; Rocket.Chat versions prior to 7.13.3; Rocket.Chat versions...
SUSE CVE-2025-64175
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs' 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim's username and password, they can use any unused recovery code, e.g., from their own account, to...
CVE-2025-64175
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code, e.g., from their own account, to...
CVE-2025-64175
Gogs 2FA bypass CVE-2025-64175 affects version 0.13.3 and earlier. Root cause: the UseRecoveryCode check does not scope recovery codes by user, performing a global lookup for any unused code and ignoring the authenticating user’s ID. Exploitation requires victim credentials, after which an attack...
Gogs Security Vulnerability
Gogs (Go Git Service) is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier have security vulnerabilities. Thes...
EUVD-2013-0288
Malware in sbrugna...
EUVD-2021-23676
Malware in sbrugna...
EUVD-2017-17135
Malware in sbrugna...
EUVD-2013-0554
Malware in sbrugna...
CVE-2019-6633
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions...
!_account.isContract() can be bypassed
Lines of code. Vulnerability details. Impact: A contract in construction can bypass isContract to call deposit and withdraw functions in vaults/yVault/yVault.sol, farming/LPFarming.sol, and farming/yVaultLPFarming.sol. Also, Block contracts may cause DoS if someone uses multisig contracts as a calle...
UPS VDP: Admin Authentication Bypass Lead to Admin Account Takeover
Hello Team, I found that I can bypass the login page of the Admin account by intercepting the response of the login request of connectnb.ups.com subdomain and changing status from false to true. Steps To Reproduce: 1. Open https://connectnb.ups.com/Layout/login 2. Enter Admin as a Username and 1111 as...
CVE-2021-37100
There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication bypassed...
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw Vendor: i3 International Inc. Product web page: https://www.i3international.com Affected version: V5.2.0 build 150317 Ax46 V5.0.9 build 151106 Ax68 V5.0.9 build 150615 Ax78 Summary: The Annexxus camera 6MP provides 4 simultaneous...
The vulnerability of the software for implementing the hypertext environment MediaWiki, related to deficiencies in the authentication process, allows a violator to circumvent the account lockout implemented by CentralAuth.
The vulnerability of the software for implementing the hypertext environment MediaWiki is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to circumvent the lockout mechanism for the CentralAuth account...
cPanel Feature and Demo Account Restriction Bypass Vulnerability
cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 84.0.20. An attacker could exploit the vulnerability to...