Lucene search: 5824 matches found

Cvelist (added 2026/01/30 3:11 p.m.)

CVE-2026-25050 Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames/email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

CVSS 6.9 | EPSS 0.00364 | Exploits: 1 | References: 2
ATTACKERKB (added 2026/01/30 3:11 p.m.)

CVE-2026-25050

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames/email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

CVSS 6.9 | AI score 5.9 | EPSS 0.00364 | Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment (added 2026/01/30 3:11 p.m.)

CVE-2026-25050 Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames/email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

CVSS 6.9 | AI score 5.9 | EPSS 0.00364 | Exploits: 1 | References: 2
EUVD (added 2026/01/30 3:11 p.m.)

EUVD-2026-5025

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames/email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

CVSS 6.9 | AI score 5.9 | EPSS 0.00364 | Exploits: 1 | References: 2
OSV (added 2026/01/30 3:11 p.m.)

CVE-2026-25050 Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames/email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

CVSS 6.9 | AI score 5.9 | EPSS 0.00364 | Exploits: 1 | References: 4
CNVD (added 2026/01/30 12:00 a.m.)

IBM Concert Information Disclosure Vulnerability (CNVD-2026-10662)

IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

CVSS 7.5 | AI score 5.7 | EPSS 0.00334 | Exploits: 0 | References: 1
CNVD (added 2026/01/30 12:00 a.m.)

IBM Concert Code Issue Vulnerability

IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a code issue vulnerability that stems from not validating the content of files uploaded to the web interface, which can be...

CVSS 8.8 | AI score 5.7 | EPSS 0.0026 | Exploits: 0 | References: 1
CNVD (added 2026/01/30 12:00 a.m.)

IBM Concert Information Disclosure Vulnerability (CNVD-2026-10661)

IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

CVSS 7.5 | AI score 5.7 | EPSS 0.00334 | Exploits: 0 | References: 1
Positive Technologies (added 2026/01/30 12:00 a.m.)

PT-2026-5409

Name of the Vulnerable Software and Affected Versions: Vendure versions prior to 3.5.3. Description: Vendure, an open-source headless commerce platform, contains a flaw in the NativeAuthenticationStrategy.authenticate method. This issue allows attackers to enumerate valid usernames/email addresses...

CVSS 6.9 | AI score 5.4 | EPSS 0.00364 | Exploits: 1 | References: 12
CNNVD (added 2026/01/30 12:00 a.m.)

Vendure security vulnerabilities

Vendure is an open-source e-commerce framework developed by Vendure. Versions prior to Vendure 3.5.3 contained security vulnerabilities. These vulnerabilities stemmed from a time difference in the NativeAuthenticationStrategy.authenticate method, which could lead to username enumeration attacks...

CVSS 6.9 | AI score 5.8 | EPSS 0.00364 | Exploits: 1 | References: 3
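The Vendure entries above all describe the same class of bug: an authenticate method whose response time differs depending on whether the supplied username exists, so a client can separate valid accounts from invalid ones without ever guessing a password. The TypeScript below is an added illustration and is not Vendure's code nor the fix shipped in 3.5.3. It uses Node's built-in scrypt and a hypothetical in-memory user store (`users`, `registerUser`) to show the leaky short-circuit beside a constant-work variant, and measures the known-vs-unknown timing ratio for each.

```typescript
// Added example, not Vendure's code: a login check that leaks account existence
// through timing, beside a variant that does the same hashing work on both paths.
import { scryptSync, timingSafeEqual, randomBytes } from "crypto";

interface UserRecord { salt: Buffer; hash: Buffer }

// Hypothetical in-memory store standing in for the real user lookup.
const users = new Map<string, UserRecord>();

const KEYLEN = 64;
// scrypt cost; N kept modest so the example runs in a second or two.
const SCRYPT_OPTS = { N: 16384, r: 8, p: 1 };

function hashPassword(password: string, salt: Buffer): Buffer {
  return scryptSync(password, salt, KEYLEN, SCRYPT_OPTS);
}

export function registerUser(username: string, password: string): void {
  const salt = randomBytes(16);
  users.set(username, { salt, hash: hashPassword(password, salt) });
}

// Leaky pattern: an unknown username returns before any hashing happens, so the
// reply is far faster than for a known username with a wrong password.
export function authenticateLeaky(username: string, password: string): boolean {
  const user = users.get(username);
  if (!user) return false; // fast path: no scrypt work at all
  const candidate = hashPassword(password, user.salt);
  return timingSafeEqual(candidate, user.hash);
}

// Constant-work pattern: when the user is missing, hash against a fixed dummy
// record so both branches pay the same scrypt cost, then compare in constant time.
const DUMMY_SALT = randomBytes(16);
const DUMMY_HASH = hashPassword("dummy-password-never-accepted", DUMMY_SALT);

export function authenticateConstantWork(username: string, password: string): boolean {
  const user = users.get(username);
  const salt = user ? user.salt : DUMMY_SALT;
  const expected = user ? user.hash : DUMMY_HASH;
  const candidate = hashPassword(password, salt);
  const match = timingSafeEqual(candidate, expected);
  // The dummy record must never authenticate, even if its password were guessed.
  return match && user !== undefined;
}

// Median wall-clock time of fn over `iterations` runs, in milliseconds.
export function medianMs(fn: () => void, iterations = 20): number {
  const samples: number[] = [];
  for (let i = 0; i < iterations; i++) {
    const t0 = process.hrtime.bigint();
    fn();
    samples.push(Number(process.hrtime.bigint() - t0) / 1e6);
  }
  samples.sort((a, b) => a - b);
  return samples[Math.floor(samples.length / 2)];
}

// Known-user time divided by unknown-user time. Near 1.0 means no enumeration
// signal; a large ratio is exactly what an attacker measures.
export function timingRatio(auth: (u: string, p: string) => boolean): number {
  const known = medianMs(() => auth("alice@example.com", "wrong-password"));
  const unknown = medianMs(() => auth("nobody@example.com", "wrong-password"));
  return known / unknown;
}

// Constructed sample account for the measurement.
registerUser("alice@example.com", "correct horse battery staple");
```

Measuring `timingRatio(authenticateLeaky)` gives a ratio in the hundreds or thousands because the unknown-user path is a single map lookup, while `timingRatio(authenticateConstantWork)` stays close to 1. Note that equalising the hash work is the main fix; the remaining noise from the database lookup itself is usually far smaller, but a deployment that cares can also add a fixed per-request delay or rate limiting as defence in depth.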
Talos Blog (added 2026/01/29 11:00 a.m.)

IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

Threat actors predominantly exploited public-facing applications for the second quarter in a row, with this tactic appearing in nearly 40 percent of Cisco Talos Incident Response (Talos IR) engagements -- a notable decrease from over 60 percent last quarter, when engagements involving ToolShell...

CVSS 10 | AI score 6.3 | EPSS 0.99722 | Exploits: 379
Vulnrichment (added 2026/01/28 8:25 p.m.)

CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably '=') as "special" when escaping arguments on Windows. When PHP i...

CVSS 6.3 | AI score 5.8 | EPSS 0.00201 | Exploits: 1 | References: 5
hivepro (added 2026/01/27 7:48 p.m.)

Rapid7 vs. Hive Pro: A Head-to-Head Comparison

Threat intelligence and business context are the secret sauces that transform vulnerability management from a frantic game of whack-a-mole into a strategic, focused risk management and security practice. Without it, you're just staring at a massive list of vulnerabilities with little to no contex...

AI score 5.8 | Exploits: 0
RedhatCVE (added 2026/01/27 3:23 p.m.)

CVE-2025-27821

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

CVSS 7.3 | AI score 5.9 | EPSS 0.00805 | Exploits: 0 | References: 1
Vulnrichment (added 2026/01/27 8:49 a.m.)

CVE-2026-24813 A null pointer dereference in abcz316/SKRoot-linuxKernelRoot

NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program file cJSON.Cpp. This issue affects SKRoot-linuxKernelRoot...

CVSS 8.7 | AI score 5.9 | EPSS 0.00276 | Exploits: 0 | References: 1
OSV (added 2026/01/27 12:02 a.m.)

OSV-2026-150 Null-dereference READ in wasm_runtime_invoke_native

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=478557340
Crash type: Null-dereference READ
Crash state: wasm_runtime_invoke_native / wasm_interp_call_wasm / wasm_call_function...

AI score 5.8 | Exploits: 0 | References: 1
Snyk (added 2026/01/26 12:30 p.m.)

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via statically linked code from uriparser2. An attacker can cause memory corruption or denial of service by sending specially crafted requests to the affected process. Remediation: Upgrade...

CVSS 7.3 | AI score 6 | EPSS 0.00805 | Exploits: 0 | References: 2
Github Security Blog (added 2026/01/26 12:30 p.m.)

Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00805 | Exploits: 0 | References: 7 | Affected Software: 1
OSV (added 2026/01/26 12:30 p.m.)

GHSA-92CC-952P-V8RH Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00805 | Exploits: 0 | References: 7
OSV (added 2026/01/26 10:16 a.m.)

CVE-2025-27821

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

CVSS 7.3 | AI score 5.8 | Exploits: 0 | References: 2