36 matches found
EUVD-2026-34215
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
CVE-2026-33153
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...
EUVD-2017-11480
Malware in sbrugna...
EUVD-2015-8393
Malware in sbrugna...
EUVD-2010-0320
Malware in sbrugna...
EUVD-2022-28570
Malicious code in bioql PyPI...
EUVD-2025-20698
Malicious code in bioql PyPI...
EUVD-2023-0047
Malicious code in bioql PyPI...
EUVD-2025-6196
Malicious code in bioql PyPI...
Missing Authentication
backend.ai is vulnerable to Missing Authentication. The vulnerability is due to improper access control caused by lack of authentication checks in the registration feature, allowing arbitrary users to create accounts and access private data even when registration is disabled...
CVE-2025-7030
Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication TFA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication TFA: from 0.0.0 before 1.11.0...
CVE-2025-7030
Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication TFA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication TFA: from 0.0.0 before 1.11.0...
CVE-2025-49591 CryptPad 2FA Bypass Vulnerability
CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication 2FA in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the...
PT-2025-25216 · Docker +1 · Docker +1
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance and Docker versions 10.0 through 10.0.8 Description: The issue allows a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts. Recommendations: For versions...
CVE-2025-40664 Missing authentication vulnerability in TCMAN GIM v11
Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser...
CVE-2024-9674
The Debrandify · Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2024-5703
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated...
CVE-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...
CVE-2019-11019
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/allclaimdetail.php?claimid= URLs...
ChuanhuChatGPT Security Bypass Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a security bypass vulnerability that originates when a username is provided via a client-side HTTP request, which...