CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

[SECURITY] Fedora 42 Update: lemonldap-ng-2.22.3-1.fc42

LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...

PT-2026-36100

CVE-2026-31431 is another reminder that one unpatched vulnerability can turn a small foothold into full system compromise. For businesses running remote teams, cloud workloads, or distributed infrastructure, secure access and layered protection matter more than ever. Patch fast. Limit exposure...

PT-2026-36120

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

CVE-2026-36956

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...

VulnCheck KEV: CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

CTEM for Financial Services: Continuous Threat Exposure Management for Banks and Financial Institutions

Protect Customer Data. Prevent Fraud. Meet PCI-DSS, SOX, and DORA Compliance. Financial institutions are the most targeted sector for cyberattacks. With an average breach cost of $6.08 million and regulators tightening requirements under PCI-DSS 4.0 and DORA, reactive security programs leave bank...

GHSA-M9H6-8PQM-XRHF Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read

Summary The add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF protection on this endpoint and SameSite=Lax session cookies, a...

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

EUVD-2018-21832

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, downloadxml.pl,...

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVE-2018-25310 VideoFlow Digital Video Protection DVP 2.10 - Authenticated Remote Code Execution

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

EUVD-2018-21831

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

CVE-2018-25310

VideoFlow Digital Video Protection DVP 2.10 is affected by an authenticated remote code execution vulnerability. An attacker with valid credentials can exploit a cross-site request forgery in the web management interface to inject and execute system commands via Tools > System > Shell, gain...

CVE-2026-26206 Wazuh: API brute-force protection bypass via race condition in login attempt tracking

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

CVE-2026-26206

Wazuh server API brute-force protection for POST /security/user/authenticate can be bypassed via a race condition when handling concurrent authentication requests. From versions 4.0.0 up to before 4.14.4, sequential requests honor the max_login_attempts threshold (default 50) but parallel bursts ...

CVE-2026-26206 Wazuh: API brute-force protection bypass via race condition in login attempt tracking

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

CLSA-2026-1777452704 bind: Fix of CVE-2026-1519

CVE-2026-1519: limit NSEC3 iteration count when proving an insecure delegation so a maliciously crafted DNSSEC zone with a high-iteration NSEC3 record cannot exhaust resolver CPU; treat the answer as insecure above the 150-iteration limit. Backport of bind-9.11.36-16.el810.7 RHSA-2026:8352...

CVE-2025-10503 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...