71 matches found
BIT-AUTHENTIK-2022-46145 authentik vulnerable to unauthorized user creation and potential account takeover
authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...
Updated vim packages fix security vulnerabilities
OS Command Injection in netrw affects Vim 9.2.0073. CVE-2026-28417 Heap-based Buffer Overflow in Emacs tags parsing affects Vim 9.2.0074. CVE-2026-28418 Heap-based Buffer Underflow in Emacs tags parsing affects Vim 9.2.0075. CVE-2026-28419 Heap-based Buffer Overflow and OOB Read in :terminal...
FormaLMS security vulnerability
FormaLMS is an open-source learning management system developed by Forma.association. It is designed to meet specific needs related to corporate training. Versions of FormaLMS prior to 4.1.18 contained a security vulnerability. This vulnerability stemmed from the password recovery function, which...
Top Password Dialup Password Recovery security vulnerability
Top Password Dialup Password Recovery is a password recovery tool developed by Top Password Inc. Version 1.30 of Top Password Dialup Password Recovery has a security vulnerability; this vulnerability stems from a buffer overflow in the input fields, which could lead to a denial-of-service attack...
CVE-2025-4319
CVE-2025-4319 affects Birebirsoft Software and Technology Solutions Sufirmam. The issue is an improper restriction of excessive authentication attempts and a weak password recovery mechanism for forgotten passwords, enabling brute-force and password-recovery exploitation through Sufirmam versions...
CVE-2022-27582
Password recovery vulnerability in SICK SIM4000 PPC Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system and there...
CVE-2025-14696
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
Dell SupportAssist OS Recovery security vulnerability
DELL SupportAssist OS Recovery is a standalone recovery tool pre-installed by Dell on some Windows 10/11 computers to diagnose hardware problems, repair the system, backup files or restore factory settings. DELL SupportAssist OS Recovery suffers from an information disclosure vulnerability that...
EUVD-2006-1513
Malware in sbrugna...
EUVD-2021-18701
Malware in sbrugna...
EUVD-2016-9946
Malware in sbrugna...
EUVD-2010-4078
Malware in sbrugna...
EUVD-2023-53986
Malicious code in bioql PyPI...
EUVD-2025-11648
Malicious code in bioql PyPI...
EUVD-2022-32086
Malicious code in bioql PyPI...
EUVD-2022-32083
Malicious code in bioql PyPI...
EUVD-2022-32087
Malicious code in bioql PyPI...
EUVD-2022-36711
Malicious code in bioql PyPI...
EUVD-2024-26939
Malicious code in bioql PyPI...
CVE-2025-9013 PHPGurukul Online Shopping Portal Project password-recovery.php SQL injection
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to SQL injection. The attack can be initiated remotely. The exploit has been disclos...