18 matches found
CVE-2026-45410
TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...
EUVD-2026-33070
TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...
CVE-2026-45410 Time-based user enumeration in TREK authentication endpoint
TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...
PT-2026-44554
TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...
CVE-2026-3516 Contact List <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter
The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_cl_map_iframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom field. The saveCustomFiel...
Argo CD code issue vulnerability
Argo CD is an Argo open source declarative GitOps continuous delivery tool for Kubernetes. A code issue vulnerability exists in Argo CD that stems from a malicious API request that is not handled correctly, which could lead to an API server crash and denial of service. The following versions are...
CVE-2025-54870 VTun-ng's failure to initialize encryption modules may cause reversion to plaintext
VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround thi...
CVE-2023-47771
Missing Authorization vulnerability in ThemePunch OHG Essential Grid. This issue affects Essential Grid: from n/a through 3.0.18...
CVE-2023-47771
Missing Authorization vulnerability in ThemePunch OHG Essential Grid. This issue affects Essential Grid: from n/a through 3.0.18...
OPENSUSE-SU-2022:10252-1 Security update for vlc
This update for vlc fixes the following issues: - Update to version 3.0.18 CVE-2022-41325, boo1206142: + macOS: Fix audio device listing with non-latin names. + Misc: Fix rendering and performance issue with older GPUs. + Updated translations. - Changes from version 3.0.18-rc2: + Codec/Demux: - A...
Security update for vlc (important)
openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2022:10252-1 Rating: important References: 1200944 1206142 Cross-References: CVE-2020-0499 CVE-2021-0561 CVE-2022-41325 CVSS scores: CVE-2020-0499 NVD : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-0499...
Design/Logic Flaw
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...
Jshish buffer error vulnerability
Jshish is a javascript-ish interpreter with built-in websocket-server, sqlite and C extensibility. Jshish suffers from a buffer error vulnerability that stems from the product's jsievalcodesub function failing to properly validate data boundaries, which could allow an attacker to cause a denial o...
Ec-cube input validation error vulnerability
Ec-cube is an open source e-commerce system of the Japanese company Ec-cube. An input validation error vulnerability exists in EC-CUBE versions 3.0.5 through 3.0.18, which allows remote attackers to exploit the vulnerability to cause a denial of service (DoS) condition via an unspecified vector...
Ec-cube security vulnerability
Ec-cube is an open source e-commerce system of the Japanese company Ec-cube. A security vulnerability exists in EC-CUBE versions 3.0.0 through 3.0.18, which stems from a failure to properly restrict the rendering of UI layers or frames and can lead to clickjacking attacks. If a user accesses a special...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)
Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime...
DSA-708-1 php3 - missing input sanitising
Bulletin has no description...