49 matches found
CVE-2025-30035
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
EUVD-2025-208146
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
CVE-2023-49262
The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session...
CVE-2023-50715
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...
CVE-2025-65430
An issue was discovered in django-allauth before 65.13.0. IdP: marking a user as is_active=False after having handed out tokens for that user while the account was still active had no effect. Fixed: the access/refresh tokens are now rejected...
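The failure mode behind this entry is general: a token issued while an account was active stays usable until it expires unless the resource server re-checks the account on every use. The following is an added illustration, not django-allauth's code or its fix; the `User`, `Token` and `TokenService` names, the in-memory token store and the `is_active` flag (standing in for Django's `User.is_active`) are all assumptions made for the example.

```python
"""Added example: tokens must be re-validated against the account's current
state, not only at issue time. Not django-allauth's code; all names are
hypothetical stand-ins for an identity provider's token store."""
import secrets
import time
from dataclasses import dataclass


@dataclass
class User:
    username: str
    is_active: bool = True  # hypothetical stand-in for Django's User.is_active


@dataclass
class Token:
    value: str
    username: str
    expires_at: float


class TokenService:
    def __init__(self, users, ttl_seconds=3600):
        self.users = {u.username: u for u in users}
        self.ttl = ttl_seconds
        self.tokens = {}  # token value -> Token (constructed in-memory store)

    def issue(self, username):
        # Issue-time check only: an inactive account cannot obtain a token.
        user = self.users[username]
        if not user.is_active:
            raise PermissionError("inactive accounts cannot obtain tokens")
        tok = Token(secrets.token_urlsafe(32), username, time.time() + self.ttl)
        self.tokens[tok.value] = tok
        return tok.value

    def validate_vulnerable(self, value):
        # Checks only existence and expiry. Deactivating the owner after issuance
        # has no effect: the token stays good until it expires.
        tok = self.tokens.get(value)
        if tok is None or tok.expires_at < time.time():
            return None
        return tok.username

    def validate_fixed(self, value):
        # Same checks, plus a live look-up of the account. A token whose owner has
        # since been deactivated is rejected and purged so it cannot be replayed.
        username = self.validate_vulnerable(value)
        if username is None:
            return None
        if not self.users[username].is_active:
            self.tokens.pop(value, None)
            return None
        return username


def demo():
    """Hand out a token, deactivate the account, then present the token again.
    Returns ((vuln_before, fixed_before), (vuln_after, fixed_after))."""
    svc = TokenService([User("alice")])
    tok = svc.issue("alice")
    before = (svc.validate_vulnerable(tok), svc.validate_fixed(tok))
    svc.users["alice"].is_active = False  # administrator deactivates the account
    after = (svc.validate_vulnerable(tok), svc.validate_fixed(tok))
    return before, after


if __name__ == "__main__":
    print(demo())
```

The same re-check belongs on refresh: a refresh token presented for an account that is no longer active should be refused rather than minting a fresh access token, otherwise deactivation is only effective once the refresh token itself expires.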
CVE-2025-56396
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user...
PT-2025-48153
Name of the Vulnerable Software and Affected Versions: Ruoyi version 4.8.1. Description: An issue exists in Ruoyi that allows attackers to gain escalated privileges. This occurs because the owning department possesses higher rights than the active user. Recommendations: Update to a newer version that...
Ruoyi Security Vulnerability
Ruoyi is a backend management system from the Ruoyi individual developer. A security vulnerability exists in Ruoyi version 4.8.1: the owning department's privileges are higher than the active user's, which may allow an attacker to gain elevated privileges...
CVE-2025-56396
CVE-2025-56396 affects Ruoyi 4.8.1. The issue allows an attacker to gain escalated privileges because the owning department has higher rights than the active user. Affected software is Ruoyi (backend management system) version 4.8.1; root cause described as privilege misalignment between departme...
CVE-2025-52602
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or othe...
CVE-2025-52602 HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...
HCL BigFix Query Security Vulnerability
HCL BigFix Query is a module from HCL India for querying and collecting system status data in real time. A security vulnerability exists in HCL BigFix Query: an HTTP GET endpoint request in the WebUI Query application returns a discoverable response that could disclose the group...
EUVD-2025-24210
Malicious code in bioql PyPI...
EUVD-2024-25116
Malicious code in bioql PyPI...
EUVD-2023-53264
Malicious code in bioql PyPI...
CVE-2025-42945
SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. Due to this, an attacker could craft a URL with a malicious script as payload and trick a victim with an active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
CVE-2025-42945
Summary (CVE-2025-42945) : SAP NetWeaver Application Server ABAP is reported to contain an HTML injection vulnerability. An attacker can craft a URL containing a malicious script that tricks a user with an active session into executing it. According to the documents, exploitation could lead to li...
Important: libblockdev security update
libblockdev is a C library supporting GObject introspection for manipulation of block devices. It has a plugin-based architecture where each technology like LVM, Btrfs, MD RAID, Swap,... is implemented in a separate plugin, possibly with multiple implementations e.g. using LVM CLI or the new LVM...