101 matches found
GHSA-QXVM-R42F-5P8J AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename and calls passwordless `User->login()`, allowing any caller with the Meet shared secret to obtain a session as arbitrary users including admin
Summary: Type: Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint `plugin/Meet/uploadRecordedVideo.json.php` authenticates the caller using a single shared `Authorization: Bearer` against $objM-secret. Once that check passes, the endpoint reads the...
Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
Overview: On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this...
LLM-Assisted Deanonymization
Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision and scales to tens of thousands of...
CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
PT-2026-7727
Name of the Vulnerable Software and Affected Versions: CIPPlanner CIPAce versions prior to 9.17. Description: Issues in the My Account and User Management components allow for access escalation. A user with low privileges can gain access to other accounts by manipulating the client’s user ID to modi...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the login UI process. An attacker can determine the existence of valid user accounts by submitting arbitrary userIDs and observing the system's response. This can be achieved by iterating through potential userI...
CVE-1999-0169
NFS allows attackers to read and write any file on the system by specifying a false UID...
EUVD-2025-203372
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...
EUVD-2021-34728
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information...
Smartphone User Fingerprinting on Wireless Traffic
Due to the openness of the wireless medium, smartphone users are susceptible to user privacy attacks, where user privacy information is inferred from encrypted Wi-Fi wireless traffic. Existing attacks are limited to recognizing mobile apps and their actions and cannot infer the smartphone user...
EUVD-1999-0837
Malware in sbrugna...
EUVD-2001-1486
Malware in sbrugna...
EUVD-2021-18678
Malware in sbrugna...
EUVD-2010-3717
Malware in sbrugna...
EUVD-1999-0491
Malware in sbrugna...
EUVD-2025-8623
Malicious code in bioql PyPI...
EUVD-2024-49461
Malicious code in bioql PyPI...
Palo Alto Networks User-ID Credential Agent Security Vulnerability
Palo Alto Networks User-ID Credential Agent is a component of Palo Alto Networks, Inc. that has the capability to collect the correspondence between a user's identity and IP address. A security vulnerability exists in the Palo Alto Networks User-ID Credential Agent that originates from a specific...
FacialMotionID: Identifying Users of Mixed Reality Headsets Using Abstract Facial Motion Representations
Facial motion capture in mixed reality headsets enables real-time avatar animation, allowing users to convey non-verbal cues during virtual interactions. However, as facial motion data constitutes a behavioral biometric, its use raises novel privacy concerns. With mixed reality systems becoming...
Haptic-Based User Authentication for Tele-robotic System
Tele-operated robots rely on real-time user behavior mapping for remote tasks, but ensuring secure authentication remains a challenge. Traditional methods, such as passwords and static biometrics, are vulnerable to spoofing and replay attacks, particularly in high-stakes, continuous interactions...