WordPress tagDiv Composer < 3.5 - Authentication Bypass
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...
CVE-2026-43914
A flaw was found in Vaultwarden, a Bitwarden-compatible server. A remote attacker can exploit an unprotected two-factor authentication 2FA function, sendemaillogin, to bypass login brute-force protection. This allows the attacker to repeatedly attempt password guesses without rate-limiting,...
CVE-2026-43914
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function sendemaillogin email.rs, api endpoi...
CVE-2026-43914 Vaultwarden: Brute-force protection bypass vulnerability
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function sendemaillogin email.rs, api endpoi...
Vaultwarden security vulnerability
Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden prior to 1.35.4 contained a security vulnerability. This vulnerability stemmed from the fact that enabling email two-factor authentication allowed bypassing login...
CVE-2026-33640
Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...
CVE-2026-33640 Outline has a rate limit bypass that allows brute force of email login OTP
Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid...
Incorrect Implementation of Authentication Algorithm
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via the userID authentication. An attacker can gain unauthorized access by leveraging...
CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
MiracleLinux 3 : squirrelmail-1.4.8-21.AXS3 (AXSA:2013-274:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-274:01 advisory. SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render...
CVE-2025-61922
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
CVE-2025-61922
PrestaShop Checkout (ps_checkout) vulnerability CVE-2025-61922 allows unauthenticated, zero-click account takeover by knowing the victim’s email. Affected versions are prior to 4.4.1 and 5.0.5; patches exist and fix is in 4.4.1 (for PrestaShop 1.7 and 8) and 5.0.5 (for 1.7, 8, and 9). Public expl...
EUVD-2024-17361
Malicious code in bioql PyPI...
EUVD-2025-14949
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-3170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username...
DRUPAL-CONTRIB-2025-088
This module enables users to log in by email address with minimal configuration. The module included some protection against brute force attacks on the login form, but it was incomplete. An attacker could bypass the brute force protection, allowing them to potentially gain access to an...
Mail Login - Critical - Access bypass - SA-CONTRIB-2025-088
This module enables users to log in by email address with minimal configuration. The module included some protection against brute force attacks on the login form, but it was incomplete. An attacker could bypass the brute force protection, allowing them to potentially gain access to an...
CVE-2023-6584
The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging in as any user with only the knowledge of that user's email address...