
21 matches found

Tenable Nessus
added 2026/03/20 12:0 a.m. | 3 views

Pac4J JWT < 4.5.9 / 5.x < 5.7.9 / 6.x < 6.3.3 Authentication Bypass (CVE-2026-29000) (Direct Check)

Binary data pac4jjwtauthenticationbypasscve-2026-29000.nbin...

CVSS 9.3 | AI score 6.8 | EPSS 0.00039
Exploits 17 | References 6

Vulnrichment
added 2026/02/24 9:38 p.m. | 1 views

CVE-2026-27593 Statamic is vulnerable to account takeover via password reset link injection

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | AI score 5.9 | EPSS 0.00017
Exploits 0 | References 6

Snyk
added 2026/02/24 9:9 p.m. | 1 views

Weak Password Recovery Mechanism for Forgotten Password

Overview: Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password in the password reset process. An attacker can gain unauthorized access to user accounts by injecting a malicious password reset link and capturing the reset token if the legitimat...

CVSS 9.3 | AI score 6 | EPSS 0.00017
Exploits 0 | References 2

Patchstack
added 2025/12/12 12:19 a.m. | 3 views

WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions <= 6.3.3...

CVSS 5.3 | AI score 6.8 | EPSS 0.00039
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-50912

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

CVSS 5.3 | AI score 5.5 | EPSS 0.00039
Exploits 0 | References 5

RedhatCVE
added 2025/09/25 2:53 a.m. | 1 views

CVE-2025-9798

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8...

CVSS 8.9 | AI score 6 | EPSS 0.00041
Exploits 0 | References 1

Positive Technologies
added 2025/09/23 12:0 a.m. | 1 views

PT-2025-39157

Name of the Vulnerable Software and Affected Versions: Netigma versions 6.3.3 through 6.3.4. Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Stored Cross-site Scripting (XSS) condition. This allows for the injection of malicious...

CVSS 8.9 | AI score 5.9 | EPSS 0.00041
Exploits 0 | References 6

OpenVAS
added 2024/11/20 12:0 a.m. | 18 views

WinSCP Key Recovery Attack Vulnerability - Windows

WinSCP is prone to a key recovery attack vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:winscp:winscp";...

CVSS 5.9 | AI score 6.9 | EPSS 0.23269
Exploits 0 | References 2

NVD
added 2023/11/14 6:15 p.m. | 13 views

CVE-2023-45585

An insertion of sensitive information into log file vulnerability (CWE-532) in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

CVSS 3.3 | EPSS 0.00053
Exploits 0 | References 1

Cvelist
added 2023/11/14 6:5 p.m. | 14 views

CVE-2023-45585

An insertion of sensitive information into log file vulnerability (CWE-532) in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

CVSS 2.3 | AI score 4.2 | EPSS 0.00053
Exploits 0 | References 1

OpenVAS
added 2023/10/19 12:0 a.m. | 20 views

WordPress Popular Posts Plugin < 6.3.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wordpresspopularpostsproject:wordpresspopularposts"; if...

CVSS 6.5 | AI score 7 | EPSS 0.00077
Exploits 0 | References 1

OSV
added 2023/05/31 8:15 p.m. | 3 views

CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend again...

CVSS 5.5 | AI score 7.2
Exploits 0 | References 6

CNNVD
added 2023/05/31 12:0 a.m. | 1 views

Linux kernel buffer error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 6.3.3, which stems from ext4_group_desc_csum failing to properly check offsets. An attacker could exploit the...

CVSS 5.5 | AI score 6.4 | EPSS 0.00016
Exploits 0 | References 8

Positive Technologies
added 2022/09/12 12:0 a.m. | 2 views

PT-2022-12118 · Anydesk · Anydesk

Name of the Vulnerable Software and Affected Versions: AnyDesk versions prior to 6.2.6; AnyDesk versions 6.3.x prior to 6.3.3. Description: An issue was discovered in the AnyDesk software, where an unnecessarily open listening port is created on a machine in the LAN of an attacker when the tunnelin...

CVSS 6.5 | AI score 6.4 | EPSS 0.00113
Exploits 1 | References 6

OSV
added 2021/12/07 2:15 p.m. | 0 views

CVE-2021-42133

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform an arbitrary file write...

CVSS 8.1 | AI score 7.4
Exploits 0 | References 1

Positive Technologies
added 2021/11/18 12:0 a.m. | 1 views

PT-2021-23548 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.3.3. Description: An improper access control issue exists, allowing an attacker with access to the Inforail Service to perform a session takeover. Recommendations: For versions prior to 6.3.3, update to...

CVSS 8.8 | AI score 8.9 | EPSS 0.04319
Exploits 0 | References 5

OpenVAS
added 2021/04/19 12:0 a.m. | 14 views

SUSE: Security Advisory (SUSE-SU-2020:0372-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. ifdescription...

CVSS 7.8 | AI score 8.8 | EPSS 0.00292
Exploits 1 | References 8

Tenable Nessus
added 2020/01/21 12:0 a.m. | 24 views

SUSE SLED15 / SLES15 Security Update : LibreOffice (SUSE-SU-2020:0121-1)

This update of libreoffice to version 6.3.3 fixes the following issues: LibreOffice was updated to 6.3.3 jscSLE-8705, bringing many bug and stability fixes. More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3 Security issue fixed: CVE-2019-9853: Fixed an...

CVSS 7.8 | AI score 7.1 | EPSS 0.00292
Exploits 1 | References 7

Prion
added 2018/03/29 1:29 p.m. | 19 views

Design/Logic Flaw

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository,...

CVSS 9 | AI score 8.7 | EPSS 0.00929
Exploits 1 | References 3 | Affected Software 1

OSV
added 2016/10/03 6:59 p.m. | 1 views

CVE-2016-5398

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permission to create business processes...

CVSS 5.4 | AI score 5.9
Exploits 0 | References 4