15 matches found
CVE-2025-67603 Lack of client authorization allows arbitrary users to influence the firewall configuration
An Improper Authorization vulnerability in Foomuuri allows arbitrary users to influence the firewall configuration. This issue affects Foomuuri: from ? before 0.31...
EUVD-2023-44558
Malicious code in bioql PyPI...
EUVD-2023-57355
Malicious code in bioql PyPI...
CVE-2024-28270
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword...
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
CVE-2025-46801
CVE-2025-46801 affects Pgpool-II (PgPool Global Development Group) and related pgpool2 packages, causing authentication bypass via a primary weakness. Exploitation could allow logging in as arbitrary users, leading to reading/tampering data or disabling the database. Public advisories from IBM an...
CVE-2024-11349
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...
PT-2023-5510 · Cisco · Cisco Catalyst SD-WAN Manager
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager Software (affected versions not specified). Description: A vulnerability in the Security Assertion Markup Language (SAML) APIs could allow an unauthenticated, remote attacker to gain unauthorized access to the...
CVE-2022-3930 Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own...
Unspecified Vulnerability in GNU Guix
GNU Guix is an open source, cross-platform package manager from the GNU Project. A security vulnerability in GNU Guix version 1.0.1, which stems from the parent directory of the user profile directory being globally writable, can be exploited by a local attacker to gain access to arbitrary users...
BlogPHP 2.0 - index.php Multiple Cross-Site Scripting Vulnerabilities
BlogPHP 2.0 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/29133/info BlogPHP is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue, an HTML-injection issue, and a cookie-manipulation issue. Attackers can...
BlogPHP 2.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/29133/info BlogPHP is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue, an HTML-injection issue, and a cookie-manipulation issue. Attackers can exploit these issues to execute arbitrary script code in the context ...
CVE-2006-5474
The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset...
DELTAScripts PHP Classifieds 6.20 - Member_Login.php SQL Injection
DELTAScripts PHP Classifieds 6.20 - Member_Login.php SQL Injection source: https://www.securityfocus.com/bid/16642/info PHP Classifieds is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...
SUSE-SA:2005:012: imap
The remote host is missing the patch for the advisory SUSE-SA:2005:012 imap. The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol. This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to...