20 matches found
CVE-2026-49325 Indian Scout Bobber 2025 WCM voltage-based shutdown
Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...
EUVD-2026-33292
Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...
CVE-2026-49325
Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...
GHSA-5H3G-6XHH-RG6P OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
Summary OpenShell FS bridge reads pin and verify the opened file before returning bytes Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A time-of-check/time-of-use race around OpenShell sandbox filesystem reads could let a...
EUVD-2024-41462
Malicious code in bioql PyPI...
EUVD-2023-27059
Malicious code in bioql PyPI...
CVE-2023-22958
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter...
CVE-2024-48942
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...
CVE-2024-45407
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertently allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, b...
CVE-2024-45407 Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertently allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, b...
PT-2024-31611 · Sunshine · Sunshine
Name of the Vulnerable Software and Affected Versions: Sunshine affected versions not specified Description: The issue occurs when clients experience a Man-in-the-Middle (MITM) attack during the pairing process. This may allow access to an unintended client rather than failing authentication due to...
CVE-2023-22958
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter...
CVE-2023-22958
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter...
PT-2023-18799 · Syracom +1 · Syracom Secure Login +1
Name of the Vulnerable Software and Affected Versions: Syracom Secure Login plugin versions prior to 3.1.1.0 for Jira Description: The issue allows spoofing of 2FA PIN validation via the "plugins/servlet/twofactor/public/pinvalidation" target parameter. This may enable unauthorized access by...
CVE-2023-22958
CVE-2023-22958 concerns the Syracom Secure Login plugin for Jira, prior to version 3.1.1.0. The issue allows spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter, potentially enabling unauthorized access by bypassing two-factor authentication. Doc...
CVE-2015-3298
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated...
Code injection
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated...
CVE-2015-3298
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated...
CLSA-2022-1645466754 Fix of CVE: CVE-2021-43527
CVE-2021-43527: nss: Memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS - Pin validation date for PayPalEE test cert...
Amtote Homebet - Account Information Brute Force
source: https://www.securityfocus.com/bid/3371/info Homebet is an internet based betting application that is developed by Amtote International. A vulnerability exists in Homebet which could enable a non-registered user to confirm the validity of possible legitimate users and their PIN numbers...