1674 matches found
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
CVE-2026-12692
Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...
CVE-2026-12692
CVE-2026-12692 affects Vimesoft Inc. Enterprise Video Platform (EVP) versions prior to 3.25.0, with EVP 3.11.0.0 and above being affected. The issue is described as an unverified password change vulnerability that enables authentication bypass. The available documents do not provide details on th...
CVE-2026-12692 Improper Authentication in Vimesoft's Enterprise Video Platform
Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...
EUVD-2026-45220
Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...
CVE-2026-12692 Improper Authentication in Vimesoft's Enterprise Video Platform
Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...
CVE-2026-63095
Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...
Malicious code in hehehe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 588dd776720f805d7d84a58c93ffcd21ed860e3fc21a48787d732eb6180b974d Package is published as an 'enterprise Windows Diagnostic Utility' but is an anti-proctoring cheating tool that also steals the installer's browser...
CVE-2026-54733 moodle-local_o365: Authentication bypass via unverified JWT signature in Teams SSO endpoint
The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin localo365 Teams SSO endpoint ssologin.php base64-decodes a JWT payload and authenticates...
CVE-2024-58360
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service...
CVE-2026-46684
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilterdoFilter pass X-DE-TOKEN values to TokenUtils.validate, which checks only token presence and length before userBOByTokentoken uses JWT.decode without signature...
CVE-2026-53514
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...
CVE-2026-53514 Better Auth: Unauthorized invitation acceptance via unverified email match in organization plugin
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...
CVE-2026-53514
Better Auth (organization plugin) exposes a vulnerability where an attacker with an unverified session for the invited email and a leaked invitationId can join the organization by calling acceptInvitation/rejectInvitation/getInvitation/listUserInvitations, due to email-string ownership checks not...
CVE-2026-53514 Better Auth: Unauthorized invitation acceptance via unverified email match in organization plugin
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...
CVE-2026-61446
PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...
EUVD-2026-44646
PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...
MAL-2026-10456 Malicious code in @spzhongwin/skill-logger-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 970980f38a6389d5b622ca41ba3b418f1538b2a38f595536c97acb934012b8b9 The package advertises itself as a skill usage/error logger but, when activated via the openclaw gatewaystart hook, opens a persistent WebSocket to a...
CVE-2026-22102
CVE-2026-22102 describes an issue where a POST request to a specific webserver endpoint can write to arbitrary file locations. The filename parameter is taken from the Content-Disposition header without verification, enabling: Denial of service by overwriting system files Potential remote code ex...
Malicious code in awesome-terminal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 379d820ae94a1dd684c187fd2577558795440d8f8cd1fe3cd209c8eb5b303913 [email protected] ships a postinstall script scripts/install-check.cjs that resolves a bundle URL from a remote JSON config at...