CVE-2026-45289 CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

PT-2026-44457

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify...

Improper Authentication Validation

github.com/mattermost/mattermost-server is vulnerable to improper authentication validation. The vulnerability is due to failure to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated attacker to perform account takeover ...

CVE-2026-32103 StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocmsapi/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account...

Missing Critical Step in Authentication

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Missing Critical Step in Authentication due to insufficient validation of the authentication Level of Assuran...

Authorization Bypass

fuxa-server is vulnerable to an Authorization Bypass. The vulnerability is due to improper enforcement of role-based access controls on WebSocket endpoints, where the server fails to validate authentication and authorization for device tag modification requests, allowing unauthenticated remote...

CVE-2025-61084

MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation, allowing email spoofing eve...

EUVD-2025-37415

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...

EUVD-2017-14349

Malware in sbrugna...

EUVD-2021-9317

Malicious code in bioql PyPI...

CVE-2025-40743

A vulnerability has been identified in SINUMERIK 828D PPU.4 All versions V4.95 SP5, SINUMERIK 828D PPU.5 All versions V5.25 SP1, SINUMERIK 840D sl All versions V4.95 SP5, SINUMERIK MC All versions V1.25 SP1, SINUMERIK MC V1.15 All versions V1.15 SP5, SINUMERIK ONE All versions V6.25 SP1, SINUMERI...

CVE-2025-40743

A vulnerability has been identified in SINUMERIK 828D PPU.4 All versions V4.95 SP5, SINUMERIK 828D PPU.5 All versions V5.25 SP1, SINUMERIK 840D sl All versions V4.95 SP5, SINUMERIK MC All versions V1.25 SP1, SINUMERIK MC V1.15 All versions V1.15 SP5, SINUMERIK ONE All versions V6.25 SP1, SINUMERI...

PT-2025-32652 · Siemens · Sinumerik 828D Ppu.4 +6

Name of the Vulnerable Software and Affected Versions: SINUMERIK 828D PPU.4 versions prior to V4.95 SP5 SINUMERIK 828D PPU.5 versions prior to V5.25 SP1 SINUMERIK 840D sl versions prior to V4.95 SP5 SINUMERIK MC versions prior to V1.25 SP1 SINUMERIK MC V1.15 versions prior to V1.15 SP5 SINUMERIK...

CVE-2012-6392

Cisco Prime LAN Management Solution LMS 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779...

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version v0.12.0 that stems from not properly validating authentication, which could lead to a privacy breach...

Palo Alto Networks GlobalProtect 信任管理问题漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A trust management issue vulnerability exists in Palo Alto Networks GlobalProtect, which stems from insufficie...

Security Bulletin: Multiple Vulnerabilities in Rational Synergy

Summary Vulnerabilities in Eclipse Jetty shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a...

PT-2024-5097 · Siemens · Sinema Remote Connect Server

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1 Description: A vulnerability has been identified in the SINEMA Remote Connect Server, related to errors in security mechanisms. This issue allows an unauthenticated attacker to access an...

CVE-2024-1803

Summary (CVE-2024-1803) : The WordPress plugin EmbedPress (Embed PDF, Google Docs, Vimeo, Wistia, YouTube, etc.) up to version 3.9.12 is vulnerable to unauthorized access of PDF embed functionality due to insufficient authorization validation on the PDF embed block. Impact, per sources, is that a...

Security Bulletin: next-auth-4.24.3.tgz is vulnerable to CVE-2023-48309 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses next-auth-4.24.3.tgz which is vulnerable to CVE-2023-48309 Vulnerability Details CVEID:CVE-2023-48309 DESCRIPTION: Auth.js next-auth could allow a remote attacker to obtain sensitive information, caused by improper authentication...