EUVD-2026-36024

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

CVE-2026-34460 NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

[SECURITY] Fedora 43 Update: openssh-10.0p1-9.fc43

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

PT-2026-33186

Name of the Vulnerable Software and Affected Versions TP-Link Archer C7 versions v5 and v5.8 through Build 20220715 Description Inadequate encryption strength in the uhttpd modules allows for password recovery exploitation. The web interface encrypts the admin password client-side using RSA-1024...

CVE-2025-31991 HCL DevOps Velocity is susceptible to brute-force attacks

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...

CVE-2026-34721 Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...

EUVD-2025-208456

ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs i...

CVE-2023-25350

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection...

CVE-2020-24007

Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page...

WordPress MelaPress Login Security Premium plugin 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin MelaPress Login Security Premium versions 2.1.0...

WordPress plugin Login Security, FireWall, Malware removal by CleanTalk 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plug...

Code-Projects COVID Tracking System SQL注入漏洞

Code-Projects COVID Tracking System is a new Crown Pneumonia tracking system from Code-Projects open source. A SQL injection vulnerability exists in Code-Projects COVID Tracking System version 1.0, which stems from incorrect manipulation of the parameter code in the file /login.php, which could...

CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage CKAN uses cookie-based session storage by default. The attacker would need to...

EUVD-2013-0469

Malware in sbrugna...

EUVD-2020-11223

Malware in sbrugna...

EUVD-2013-2152

Malware in sbrugna...

EUVD-2020-12783

Malware in sbrugna...

EUVD-2021-16316

Malware in sbrugna...

EUVD-2017-8886

Malware in sbrugna...