324 matches found

NVD
added 2026/03/11 5:16 p.m., 3 views

CVE-2026-31813

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

CVSS 4.8, EPSS 0.00138
Exploits: 0, References: 1

Positive Technologies
added 2026/02/12 12:0 a.m., 9 views

PT-2026-7806

Name of the Vulnerable Software and Affected Versions AdForest versions up to and including 6.0.12 Description The AdForest theme for WordPress is susceptible to authentication bypass. The issue stems from insufficient user identity verification before authentication via the sb login user with ot...

CVSS 9.8, AI score 5.1, EPSS 0.00581
Exploits: 1, References: 10

Positive Technologies
added 2026/02/02 12:0 a.m., 5 views

PT-2026-5616

Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...

CVSS 6.8, AI score 5.4, EPSS 0.00217
Exploits: 0, References: 3

CVE
added 2026/01/08 3:4 p.m., 16 views

CVE-2025-67603

CVE-2025-67603 affects Foomuuri prior to 0.31. An improper Authorization flaw allows arbitrary users to influence firewall configuration via D-Bus methods due to missing PolicyKit authorization and insufficient input validation. Upstream fixes are in v0.31, addressing CVE-2025-67603 and CVE-2025-...

CVSS 5.1, AI score 6.6, EPSS 0.00148
Exploits: 0, References: 2

Positive Technologies
added 2025/12/31 12:0 a.m., 5 views

PT-2025-54282

Name of the Vulnerable Software and Affected Versions Knowband Mobile App Builder WordPress plugin versions prior to 3.0.0 Description The plugin lacks proper authorization checks when deleting users through its REST API. This allows unauthenticated attackers to delete any user. The vulnerable AP...

CVSS 7.5, AI score 6.7, EPSS 0.00213
Exploits: 0, References: 6

OSV
added 2025/12/19 3:15 p.m., 4 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

CVSS 6.5, AI score 6.6, EPSS 0.0028
Exploits: 1, References: 3

NVD
added 2025/11/25 9:15 p.m., 3 views

CVE-2025-51741

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the...

CVSS 7.5, EPSS 0.00354
Exploits: 0, References: 3

OSV
added 2025/11/25 9:15 p.m., 3 views

CVE-2025-51741

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the...

CVSS 7.5, AI score 7
Exploits: 0, References: 3

CVE
added 2025/11/25 12:0 a.m., 6 views

CVE-2025-51741

CVE-2025-51741 affects Veal98 Echo Open-Source Community System versions 2.2–2.3. An unauthenticated attacker can trigger the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint, potentially causing a denial of service to the server or downstre...

CVSS 7.5, AI score 6.7, EPSS 0.00354
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/11/25 12:0 a.m., 2 views

CVE-2025-51741

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the...

AI score 6.7, EPSS 0.00354
Exploits: 0, References: 3

NVD
added 2025/10/31 8:15 p.m., 5 views

CVE-2025-63562

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...

CVSS 6.3, EPSS 0.00163
Exploits: 0, References: 1

EUVD
added 2025/10/27 6:30 a.m., 3 views

EUVD-2025-36108

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users...

CVSS 5.4, AI score 6.5, EPSS 0.00119
Exploits: 1, References: 2

CNNVD
added 2025/10/17 12:0 a.m., 2 views

Flowring Agentflow Security Vulnerability

Flowring Agentflow is an intelligent process automation RPA platform from Flowring China. A security vulnerability exists in Flowring Agentflow that stems from the use of hard-coded encryption keys, which could allow an unauthenticated remote attacker to generate authentication information using ...

CVSS 9.2, AI score 7, EPSS 0.00615
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2005-4776

Malware in sbrugna...

CVSS 2.1, AI score 6.4, EPSS 0.00343
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-20627

Malware in sbrugna...

CVSS 5.4, AI score 5.6, EPSS 0.00604
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2012-0013

Malware in sbrugna...

CVSS 4.3, AI score 6, EPSS 0.0248
Exploits: 0, References: 17

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-9426

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.01184
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2002-0658

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01316
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2005-4204

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.02133
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2006-6756

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.02426
Exploits: 1, References: 6