CVE-2026-2994
Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via the groupid parameter, which can lead to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...
CVE-2018-20673 affecting package crash for versions less than 9.0.0-1
CVE-2018-20673 affecting package crash for versions less than 9.0.0-1. An upgraded version of the package is available that resolves this issue...
Kerio Control Cross-Site Request Forgery Vulnerability
Kerio Control is a simple and fast unified threat management system. Cross-site request forgery vulnerabilities in Kerio Control version 9.1.3 can be exploited by an attacker to execute arbitrary script code in the context of an affected site, steal cookie-based authentication, disclose sensitive...
AZL-35079 CVE-2007-2768 affecting package openssh for versions less than 9.5p1-2
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243...