11 matches found
Improper Check or Handling of Exceptional Conditions
Overview: Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions via the launcher endpoint when an authenticated host sends an unexpected log type value. An attacker can cause the server process to terminate immediately, disrupting all connected...
EUVD-2026-8922
osctrl is Vulnerable to OS Command Injection via Environment Configuration...
CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
CVE-2026-23518 Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...
CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the `get_item_permissions_check` function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...
PT-2026-3534
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the `get_item_permissions_check` function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and...
EUVD-2025-21048
Malicious code in bioql PyPI...
DRUPAL-CONTRIB-2025-079
Open Social is a Drupal distribution for online communities, which ships with a default module that allows users to enroll in events. The module doesn't sufficiently protect certain routes from Cross Site Request Forgery (CSRF) attacks. Users can be tricked into accepting or rejecting these...
CVE-2008-3421
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) updatemodule.jsp, (2) enrollcourse.pl, and (3)...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) updatemodule.jsp, (2) enrollcourse.pl, and (3)...
CVE-2008-3421
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) updatemodule.jsp, (2) enrollcourse.pl, and (3)...