Astra Linux - vulnerability in libzstd
A vulnerability was discovered in zstd v1.4.10, where an attacker can provide an empty string as an argument to the command-line tool, causing a buffer overflow...
Repetier-Server 1.4.10 - Path Traversal
Exploit Title: Repetier-Server 1.4.10 - Path Traversal Exploit Author: Mohammed Idrees Banyamer Vendor Homepage: https://www.repetier.com/ Version: str: return "..%5c" depth def attemptreadtargeturl: str, filepath: str, traversaldepth: int = 15, timeout: int = 10 - bool: traversal =...
CVE-2026-34833
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxies. This issue has...
CVE-2026-34834
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...
CVE-2026-34834
Bulwark Webmail (self-hosted webmail client for Stalwart Mail Server) had an authentication bypass in verifyIdentity() before version 1.4.10 due to missing session cookie validation. The logic returned true when no session cookies were present, allowing unauthenticated attackers to bypass securit...
CVE-2026-34833 Bulwark Webmail: Information Exposure: password returned in /api/auth/session
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxies. This issue has...
Bulwark Webmail authorization vulnerability
Bulwark Webmail is an open-source hosted webmail client developed by Bulwark Mail. Versions of Bulwark Webmail prior to 1.4.10 had an authorization vulnerability. This vulnerability stemmed from a logical issue in the verifyIdentity function, which returned true when no session cookie was present...
Bulwark Webmail security vulnerability
Bulwark Webmail is an open-source, self-hosted webmail client developed by Bulwark Mail. Versions of Bulwark Webmail prior to 1.4.10 contained a security vulnerability. This vulnerability occurred because the GET /api/auth/session endpoint included the user’s plaintext password in the JSON...
PT-2026-29880
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...
PT-2026-29879
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxies. This issue has...
EUVD-2025-205252
Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching (fast-user-switching) allows Cross Site Request Forgery. This issue affects Fast User Switching: from n/a through = 1.4.10...
CVE-2025-68583
Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching (fast-user-switching) allows Cross Site Request Forgery. This issue affects Fast User Switching: from n/a through = 1.4.10...
CVE-2025-68583 WordPress Fast User Switching plugin <= 1.4.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching (fast-user-switching) allows Cross Site Request Forgery. This issue affects Fast User Switching: from n/a through = 1.4.10...
WordPress plugin Fast User Switching security vulnerability
Fast User Switching is a plugin that allows site administrators to quickly switch between different user accounts, operating directly from the WordPress admin toolbar. WordPress Fast User Switching suffers from a cross-site request forgery vulnerability, and no details of the vulnerability are...
CVE-2025-58613
Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort (posts-data-table) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through = 1.4.10...
CVE-2025-58613
CVE-2025-58613 concerns a Missing Authorization/Broken Access Control flaw in the WordPress plugin “Posts Table with Search & Sort” (Barn2 Plugins). The vulnerability affects versions up to 1.4.10 and is driven by incorrectly configured access control security levels, enabling unauthorized access...
PT-2025-35747
Name of the Vulnerable Software and Affected Versions: Barn2 Plugins Posts Table with Search & Sort versions through 1.4.10 Description: The Posts Table with Search & Sort plugin contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations:...
CVE-2023-23865
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin = 1.4.10 leads to settings change...