CVE-2025-3861 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pdalitecustompermissioncheck' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated...

CVE-2025-3923 Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generateuniquestring' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated...

CVE-2025-46275

Affected products: PLANET WGS-80HPT-V2 and PLANET WGS-4215-8T2S. Description confirms a missing authentication flaw that could allow an attacker to create an administrator account without existing credentials. The issue is a control-access vulnerability on these PLANET devices; no specific exploi...

CVE-2025-3793

CVE-2025-3793 affects the Buddypress Force Password Change plugin for WordPress (versions up to 0.1). The vulnerability enables authenticated users (subscriber level or higher) to perform an account takeover by exploiting insufficient identity validation in the bp_force_password_ajax password-upd...

Ubuntu: Security Advisory (USN-7443-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-32788

OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Erlang vulnerability (USN-7443-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7443-1 advisory. Fabian Bumer, Marcel Maehren, Marcus Brinkmann, and Jrg Schwenk discovered that Erlang OTPs SSH module incorrect handled...

CVE-2025-32377

Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models LLMs. A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : pam (SUSE-SU-2025:1334-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1334-1 advisory. - CVE-2024-10041: sensitive data exposure while performing authentications. bsc1232234 Tenable has...

CVE-2025-39596 WordPress Quentn WP <= 1.2.8 - Privilege Escalation Vulnerability

Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8...

CVE-2022-26323 Incorrect Use of Privileged vulnerability has been discovered on OpenText™ UCMDB and Operation Bridge Manager product.

Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite Containerized, OpenText™ UCMDB Classic and Containerized allows Privilege Escalation. The vulnerability could allow authenticated attackers to elevate user privileges. This...

USN-7443-1: Erlang vulnerability

Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrect handled authentication. A remote attacker could use this issue to execute arbitrary commands without authentication, possibly leading to a system compromise...

PT-2025-17344 · Rasa · Rasa Pro

Name of the Vulnerable Software and Affected Versions: Rasa Pro versions prior to 3.9.20 Rasa Pro versions prior to 3.10.19 Rasa Pro versions prior to 3.11.7 Rasa Pro versions prior to 3.12.6 Description: A vulnerability has been identified in Rasa Pro where voice connectors do not properly...

compop.ca 3.5.3 - Arbitrary code Execution

Exploit Title: compop.ca 3.5.3 - Arbitrary code Execution Google Dork: Terms of Use inurl:compop.vip Date: 22/12/2024 Exploit Author: dmlino Vendor Homepage: https://www.compop.ca/ Version: 3.5.3 CVE : CVE-2024-48445 The restaurant management system implements authentication using a Unix timestam...

CVE-2025-31478 Zulip Authentication Backend Configuration Bypass

Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being requir...

CVE-2025-31478 Zulip Authentication Backend Configuration Bypass

Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being requir...

CVE-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVE-2025-2291

CVE-2025-2291 affects PgBouncer; the flaw arises because auth_query does not respect the PostgreSQL VALID UNTIL expiry, allowing login with an already expired password. The issue impacts versions older than the fixed release (upstream 1.24.1 line; many advisories reference versions &lt; 1.24.1-1 or

CVE-2025-29652

...

CWA smartcard logon error 'Can’t read smart card' on client with SIM card

There is a client with 2 smart cards . A physical smart card and an integrated eSIM . When CWA Windows tries to autenticate with smartcard the user gets an error that says "Can't read smart card. Please contact your IT administrator" . If we remove the SIM card from the client , the authenticatio...