79 matches found

CNNVD
added 2026/06/08 12:0 a.m. | views: 1

OpenBullet2 security vulnerabilities

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 have security vulnerabilities on Windows. These vulnerabilities stem from credential exposure, and it is possible for remote attackers to exploit them ...

CVSS 7.1 | AI score 5.5 | EPSS 0.0054
Exploits: 0 | References: 1
NVD
added 2026/06/03 7:16 p.m. | views: 6

CVE-2026-8878

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover...

CVSS 7.5 | EPSS 0.00161
Exploits: 0 | References: 1
CNNVD
added 2026/04/14 12:0 a.m. | views: 4

Unisys WebPerfect Image Suite security vulnerability

Unisys WebPerfect Image Suite is an enterprise document imaging and management system developed by Unisys, Inc. Versions 3.0.3960.22810 and 3.0.3960.22604 of Unisys WebPerfect Image Suite both contain security vulnerabilities. These vulnerabilities stem from unvalidated WCF SOAP endpoints located...

CVSS 10 | AI score 5.8 | EPSS 0.00618
Exploits: 1 | References: 3
CNNVD
added 2026/04/01 12:0 a.m. | views: 7

Sage DPW security vulnerability

Sage DPW is a human resources system developed by the British company Sage. Sage DPW version 202506004 contains security vulnerabilities. These vulnerabilities stem from non-default configurations that allow unverified access to diagnostic endpoints, potentially exposing sensitive information suc...

CVSS 7.5 | AI score 5.8 | EPSS 0.00287
Exploits: 0 | References: 2
CNNVD
added 2026/03/27 12:0 a.m. | views: 6

Appsmith access control error vulnerability

Appsmith is an open-source platform, developed by Appsmith, for building, deploying, and maintaining internal applications. Prior to Appsmith 1.98, there was a security vulnerability related to access control. This vulnerability stemmed from unvalidated instance management API endpoint...

CVSS 6.9 | AI score 5.8 | EPSS 0.00387
Exploits: 1 | References: 2
Cvelist
added 2026/02/18 12:28 p.m. | views: 23

CVE-2026-1582 WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...

CVSS 3.7 | EPSS 0.00287
Exploits: 0 | References: 3
RedhatCVE
added 2026/02/04 3:15 a.m. | views: 3

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificate validation vulnerability allows an unauthenticated remote attacker to perform a Man-in-the-Middle (MitM) attack to intercept the cleartext communication,...

CVSS 8.9 | AI score 5.5 | EPSS 0.00204
Exploits: 0 | References: 1
OSV
added 2025/12/18 8:15 p.m. | views: 2

CVE-2021-47712

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation...

CVSS 6.9 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 2
AlpineLinux
added 2025/12/05 10:17 a.m. | views: 5

CVE-2025-59775

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows NTLM hashes to potentially be leaked to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...

CVSS 7.5 | AI score 7 | EPSS 0.00771
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2021-25971

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.01626
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | views: 3

EUVD-2012-5291

Malware in sbrugna...

CVSS 5 | AI score 6.3 | EPSS 0.01941
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | views: 5

EUVD-2014-9076

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01285
Exploits: 0 | References: 3
Tenable Nessus
added 2025/08/18 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2020-6838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In mruby 2.1.0, there is a use-after-free in hashvaluesat in mrbgems/mruby-hash-ext/src/hash-ext.c. CVE-2020-6838 Note that Nessus relies on the presence of the...

CVSS 9.8 | AI score 7.3 | EPSS 0.01487
Exploits: 1 | References: 2
Veracode
added 2025/01/08 7:38 a.m. | views: 13

Timing Attack

tecnickcom/tcpdf is vulnerable to a Timing Attack. The vulnerability is due to the use of loose comparison != in the unserializeTCPDFtag function, which lacks a constant-time comparison, allowing an attacker to infer hash values through timing discrepancies...

CVSS 7.5 | AI score 6.9 | EPSS 0.00583
Exploits: 0 | References: 7 | Affected Software: 1
Snyk
added 2024/11/20 10:50 a.m. | views: 2

Improper Authentication

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to a loose comparison in the password-checking logic to access the Lesson activity. Note: This only affects passwords that are set to "magic hash" values. Workaround: User...

CVSS 6.9 | AI score 6.9 | EPSS 0.00403
Exploits: 0 | References: 2
CNNVD
added 2024/10/10 12:0 a.m. | views: 2

Gradio security vulnerability

Gradio, a Python library open-sourced by Hugging Face, is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a security vulnerability that stems from the fact that comparisons are not done in constant time, which can be exploited by an...

CVSS 3.7 | AI score 6.4 | EPSS 0.00285
Exploits: 0 | References: 2
CVE
added 2024/09/30 7:12 a.m. | views: 51

CVE-2024-8453

CVE-2024-8453 concerns PLANET Technology switch devices where passwords are hashed with an insecure, unsalted hashing function. The affected components are PLANET Technology switch models; the vulnerability arises from using a hash function that does not salt, enabling an attacker with administr...

CVSS 4.9 | AI score 5.1 | EPSS 0.00301
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2024/03/18 9:47 a.m. | views: 1

xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow

A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow...

CVSS 8.2 | AI score 7.3 | EPSS 0.08689
Exploits: 1 | References: 5
GithubExploit
added 2023/08/28 3:26 p.m. | views: 456

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 - WinRAR File Extension Spoofing Vulnerability...

CVSS 7.8 | AI score 6.8 | EPSS 0.97798
Exploits: 49
Tenable Nessus
added 2023/07/20 12:0 a.m. | views: 22

Amazon Linux 2 : python-pip (ALAS-2023-2151)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2151 advisory. A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to...

CVSS 5.9 | AI score 7.1 | EPSS 0.12706
Exploits: 0 | References: 4