723 matches found
EUVD-2026-44917
HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include...
WordPress Plugin Age Verification v0.4 - Open Redirect
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectto parameter. id: CVE-2012-6499 info: name: WordPress Plugin Age...
CVE-2026-50663
Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network...
CVE-2026-50663
CVE-2026-50663 affects Age of Empires II: Definitive Edition. The vulnerability is a relative path traversal in the game that could allow an unauthorized attacker to execute code over the network. The current documents specify the impact as remote code execution with high severity (CVSS 3.1: AV:N...
CVE-2026-50663 Game: Age of Empires II: Definitive Edition Remote Code Execution Vulnerability
...
Game: Age of Empires II: Definitive Edition Remote Code Execution Vulnerability
Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network...
PT-2026-58211
Name of the Vulnerable Software and Affected Versions Age of Empires II: Definitive Edition affected versions not specified Description A relative path traversal issue allows an unauthorized attacker to achieve remote code execution over a network. The attack occurs when a user joins an...
CVE-2026-56664
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...
CVE-2026-56664 ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...
CVE-2026-56664 ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...
GHSA-GV83-GQW6-9J2C GoFiber never set HSTS header in helmet middleware due to incorrect protocol check
Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...
PT-2026-56054
Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.4.0 Description The helmet middleware in the Fiber web framework fails to set the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is configured. This occurs because the logic in...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, external-dns, argocd-image-updater-fips, backup-restore-operator, coder, amazon-ssm-agent-fips, crossplane-provider-azure-managedidentity, gitlab-runner-fips, cilium, crossplane-provider-azure-search, falcoctl, aactl,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: docker-machine-driver-harvester, skaffold, scorecard, cluster-api-azure-controller, crossplane-provider-azure-sql, steampipe, gitlab-runner, hcloud, syft, dagger, telegraf, flux-source-controller, terraform-provider-azurerm, kubescape, argo-events, tkn, age, trivy,...
EUVD-2026-39229
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fixed out-of-bounds access during read/writing of sysfs attributes. Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. Example: vm: echo...
EUVD-2025-210217
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...
CVE-2025-49403
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...
CVE-2025-49403
CVE-2025-49403 affects Premium Age Verification / Restriction for WordPress (WordPress plugin) versions <= 3.0.2. Unauthenticated Arbitrary File Download is reported; Patchstack notes vulnerability in versions
CVE-2025-49403 WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Download Vulnerability
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...