CVE-2026-56234

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

EUVD-2026-38429

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

CVE-2026-56234

Capgo prior to 12.128.2 exposes a credential validation endpoint (POST /functions/v1/private/validate_password_compliance) that is accessible with only the public Supabase key and lacks authentication. The endpoint uses permissive CORS with a wildcard origin and has no rate limiting, which enable...

Linux Distros Unpatched Vulnerability : CVE-2026-12446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Passwords. CVE-2026-12446 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 ...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. in the United States. Google Chrome has a vulnerability related to input validation, which stems from Passwords’ insufficient validation for untrusted inputs...

CVE-2026-10004

Google Chrome/Chromium Passwords component vulnerability: insufficient validation of untrusted input before version 148.0.7778.216 allows UI spoofing via a crafted HTML page. Impact is UI spoofing; no exploit details are provided in the documents. Remediation: update to Chrome 148.0.7778.216 or l...

CVE-2026-8760

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...

Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

GHSA-XMPV-J7P2-J873 Nautobot: Management of users via REST API does not apply configured password validators

Impact In Nautobot versions prior to 2.4.30 or prior to 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's...

Weak Password Requirements

Overview nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Weak Password Requirements in the REST API for user management. An attacker can set weak or non-compliant passwords for user accounts by bypassing configured password...

EUVD-2026-17598

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...

Nautobot 安全漏洞

Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.30 and 3.0.10 contained security vulnerabilities. These vulnerabilities stemmed from the failure to apply the password validation rules defined by Django’s AUTHPASSWORDVALIDATORS when creating and...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the getapivideopasswordiscorrect API endpoint, which allowed any unverified user to validate...

CVE-2026-33124

Frigate (NVR) prior to version 0.17.0-beta1 allows any authenticated user to change their own password without providing the current password via /users/{username}/password. Affected component: password change functionality; root cause includes lack of current-password verification and no passwor...

CVE-2026-3744

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2026-3744 code-projects Student Web Portal signup.php valreg_passwdation sql injection

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2026-28514

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...

EUVD-2026-10050

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...

CVE-2026-28514

CVE-2026-28514 affects Rocket.Chat versions prior to 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0. The root cause is a missing await keyword when validating passwords in the ddp-streamer account service, causing a Promise object to be treated as a truthy result and permitting login wit...

PT-2026-23735

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 7.8.6 Rocket.Chat versions prior to 7.9.8 Rocket.Chat versions prior to 7.10.7 Rocket.Chat versions prior to 7.11.4 Rocket.Chat versions prior to 7.12.4 Rocket.Chat versions prior to 7.13.3 Rocket.Chat versions...