PT-2026-27115

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecos pw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gai...

CVE-2025-60305

SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations...

CVE-2025-60306

code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations...

CVE-2025-60305

SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations...

CVE-2025-56274

SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged such as admin sessions and perform sensitive operations such as adding new users...

CVE-2021-41192

Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...

The vulnerability of the GlobalProtect Agent VPN application, related to authentication procedures that are insufficient, allows a hacker to forge a VPN session and gain access under the user’s identity.

The vulnerability of the corporate VPN application GlobalProtect Agent is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to forge a VPN session and gain access under the user’s identity...