5 matches found
TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal
TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allowed unauthenticated access to the Internal Admin Contact Page, resulting in the disclosure of PII including partner and contact names. id: CVE-2025-27225 info: name: TRUfusion Enterprise <= 7.10.4.0 - Admin Conta...
PYSEC-2026-407 Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Summary: Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correct...
Linux Distros Unpatched Vulnerability : CVE-2026-48842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace backslash escape...
A vulnerability in the PreAuth component of the Zimbra Collaboration Suite corporate email management system allows an attacker to redirect users to an arbitrary URL.
A vulnerability in the PreAuth component of the Zimbra Collaboration Suite email management system involves URL redirection to an untrusted site. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL remotely...
PT-2020-14758 · Gnome +1 · Gnome Balsa +1
Name of the Vulnerable Software and Affected Versions: GNOME Balsa versions prior to 2.6.0 Description: A malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. This...