
51 matches found

NVD
added 2026/05/21 10:16 p.m. · 9 views

CVE-2026-7887

For Concrete CMS 9.5.0 and below, the OAuth 2.0 Authorization-Code Handler bypasses account status. A user with uIsActive=0 (suspended, banned, terminated employee) can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...

CVSS 6.4 · EPSS 0.00037
Exploits 0 · References 1
ATTACKERKB
added 2026/05/21 9:20 p.m. · 3 views

CVE-2026-7887

For Concrete CMS 9.5.0 and below, the OAuth 2.0 Authorization-Code Handler bypasses account status. A user with uIsActive=0 (suspended, banned, terminated employee) can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...

CVSS 2.3 · AI score 5.8 · EPSS 0.00037
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2026/01/19 12:0 a.m. · 5 views

PT-2026-3435

Name of the Vulnerable Software and Affected Versions technical-laohu mpay versions up to 1.2.4 Description A security issue exists in the QR Code Image Handler component of technical-laohu mpay. Manipulation of the codeimg argument can lead to unrestricted upload. This issue can be exploited...

CVSS 9.8 · AI score 5 · EPSS 0.00074
Exploits 1 · References 8
RedhatCVE
added 2026/01/09 12:31 p.m. · 2 views

CVE-2023-4177

A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...

CVSS 5.7 · AI score 6.2 · EPSS 0.00052
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-17579

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 4.7 · EPSS 0.00635
Exploits 1 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 16 views

EUVD-2025-12431

Malicious code in bioql PyPI...

CVSS 5 · AI score 5.2 · EPSS 0.00086
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24637

Malicious code in bioql PyPI...

CVSS 6.3 · AI score 4.8 · EPSS 0.0013
Exploits 1 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-48586

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 5.6 · EPSS 0.00353
Exploits 1 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-54056

Malicious code in bioql PyPI...

CVSS 5.7 · AI score 4.2 · EPSS 0.00052
Exploits 0 · References 3
Cvelist
added 2025/08/13 8:2 p.m. · 9 views

CVE-2025-8927 mtons mblog Verification Code send_code excessive authentication

A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...

CVSS 6.3 · EPSS 0.0013
Exploits 1 · References 4
CVE
added 2025/08/13 8:2 p.m. · 13 views

CVE-2025-8927

Summary (CVE-2025-8927) : A vulnerability exists in mtons mblog up to version 3.5.0 affecting the Verification Code Handler, specifically the file /email/send_code. Malicious manipulation of the email parameter can bypass restrictions on excessive authentication attempts. The issue can be exploit...

CVSS 6.3 · AI score 7.5 · EPSS 0.0013
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2025/08/13 8:2 p.m. · 3 views

CVE-2025-8927 mtons mblog Verification Code send_code excessive authentication

A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...

CVSS 6.3 · AI score 7.5 · EPSS 0.0013
Exploits 1 · References 4
Positive Technologies
added 2025/08/13 12:0 a.m. · 3 views

PT-2025-33077 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A flaw exists in mtons mblog up to version 3.5.0 within the Verification Code Handler component, specifically in the /email/send code file. Manipulation of the email argument results in an imprope...

CVSS 6.3 · AI score 4.2 · EPSS 0.0013
Exploits 1 · References 6
RedhatCVE
added 2025/06/11 9:8 p.m. · 2 views

CVE-2025-5897

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVSS 7.5 · AI score 4.5 · EPSS 0.00635
Exploits 1 · References 1
NVD
added 2025/06/09 9:15 p.m. · 6 views

CVE-2025-5897

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVSS 7.5 · EPSS 0.00635
Exploits 1 · References 4
CVE
added 2025/06/09 9:0 p.m. · 53 views

CVE-2025-5897

CVE-2025-5897 affects the Vue CLI (vue-cli) up to version 5.0.8, specifically the HtmlPwaPlugin.js in the Markdown Code Handler. The issue is an inefficient regular expression handling that can enable a Regular Expression Denial of Service (ReDoS) scenario and may be triggered remotely. Multiple ...

CVSS 7.5 · AI score 4.8 · EPSS 0.00635
Exploits 1 · References 4 · Affected Software 1
RedhatCVE
added 2025/05/23 8:14 a.m. · 2 views

CVE-2024-9907

A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack can be initiated...

CVSS 6.3 · AI score 6 · EPSS 0.00124
Exploits 0 · References 1
OSV
added 2025/04/27 9:34 p.m. · 8 views

GHSA-37PQ-893F-G7Q5 Apereo CAS code injection vulnerability

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...

CVSS 5 · AI score 7.2 · EPSS 0.00086
Exploits 0 · References 6
Github Security Blog
added 2025/04/27 9:34 p.m. · 14 views

Apereo CAS code injection vulnerability

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...

CVSS 7.5 · AI score 7.3 · EPSS 0.00086
Exploits 0 · References 6 · Affected Software 1
NVD
added 2025/04/27 8:15 p.m. · 14 views

CVE-2025-3984

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...

CVSS 7.5 · EPSS 0.00086
Exploits 0 · References 4