EUVD-2026-24128
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...
CVE-2026-0971
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...
CVE-2026-0971
CVE-2026-0971 affects Fortra GoAnywhere MFT prior to v7.10.0. The issue is an improper session timeout where SAML-configured Web Users are redirected to the regular login page instead of the SAML login page. Impact is limited to authentication flow disruption; no data directly exposed per the pro...
CVE-2026-0971 GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...
PT-2026-33977
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...
CVE-2025-8148
An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...
CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT
An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...
PT-2025-49314
Name of the Vulnerable Software and Affected Versions: GoAnywhere MFT versions prior to 7.9.0. Description: An improper access control exists in the SFTP service. This affects web users who have an authentication alias and a valid SSH key, but are limited to password authentication for SFTP. These...
EUVD-2018-5930
Malware in sbrugna...
CVE-2024-47071
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4...
CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec&command= substring. This affects EG-2000SE...
New Attack Technique Makes It Easy to Identify Web Users
By Deeba Ahmed. This attack can work on any major browser, including the anonymity-centric Tor. The New Jersey Institute of Technology… This is a post from HackRead.com.
Design/Logic Flaw
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....
Cross-site Scripting (XSS)
mailman is vulnerable to cross-site scripting (XSS). A cross-site scripting flaw in the driver script of mailman prior to version 2.1.5 could allow remote attackers to execute scripts as other web users...
Starbucks: Korea - LFI Server directory traversal at starbucks.co.kr
b4bilal discovered a misconfiguration when handling URI paths. This permitted an adversary to traverse the docroot and access non-sensitive resources that are normally unavailable to web users. @b4bilal — thank you for reporting this vulnerability and for confirming the resolution...
startlocal.com.au Cross Site Scripting vulnerability
Security Researcher npuser500, a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting startlocal.com.au website and its users. Following...
Microsoft Windows Media Player CVE-2019-1480 Information Disclosure Vulnerability
Description: Microsoft Windows Media Player is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected: Microsoft Windows 7 for 32-bit Systems SP1, Microsoft Windows 7 for...
SAP BusinessObjects Business Intelligence CVE-2019-0398 Cross Site Request Forgery Vulnerability
Description: SAP BusinessObjects Business Intelligence Platform is prone to an unspecified cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain...
CVE-2019-18930
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users, including the guest account, to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of the functions in libscheddl.so, and downloadmgr.cgi makes it possible to enter large-sized...