129 matches found
CVE-2026-30966
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any...
CVE-2026-27801
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...
CVE-2026-27801
Vaultwarden (unofficial Bitwarden server) is affected by CVE-2026-27801 where versions 1.34.3 and earlier permit a 2FA bypass on protected actions due to faulty rate-limit enforcement. An authenticated attacker can perform protected actions (e.g., access a user’s API key or delete vaults and orga...
GHSA-V6PG-V89R-W8WR Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
Summary Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a users account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...
Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
Summary Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a users account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...
PT-2026-23064
Name of the Vulnerable Software and Affected Versions Vaultwarden versions 1.34.3 and prior Description Vaultwarden, a Bitwarden compatible server, is susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this...
CVE-2026-27839
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...
ABB AC500 V3 Multiple Vulnerabilities
SUMMARY ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who successfully exploited these vulnerabilities could bypass the user management and read visualization files...
CVE-2026-20142 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...
CVE-2023-45184
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270...
CVE-2019-7476
A vulnerability in SonicWall Global Management System GMS, allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier...
CVE-2025-64420 Coolify members can see private key of root user
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...
CVE-2025-69029 WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through = 2.5.1...
EUVD-2025-34896
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerabili...
CVE-2025-8414
CVE-2025-8414 affects Zigbee EZSP Host Applications and is caused by improper input validation leading to a buffer overflow. This can cause stack corruption and, under certain conditions, arbitrary code execution. Exploitation requires access to a network key. The CVSS 4.0 score is CRITICAL (AV: ...
EUVD-2020-7151
Malware in sbrugna...
EUVD-2020-28941
Malware in sbrugna...
EUVD-2021-24846
Malware in sbrugna...
EUVD-2014-3227
Malware in sbrugna...
EUVD-2016-4718
Malware in sbrugna...