39 matches found
CVE-2026-8903
The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...
EUVD-2026-29210
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...
Debian dsa-6259 : python-jwt-doc - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6259 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6259-1 [email protected] https://www.debian.org/security/...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing for the automatic activation of untrusted workspace plugins during...
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
GHSA-9JPJ-CPH8-W449 Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
CVE-2026-6598 langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
EUVD-2018-20674
Malware in sbrugna...
EUVD-2011-0305
Malware in sbrugna...
EUVD-2005-2505
Malware in sbrugna...
Extreme Networks Fabric Engine 安全漏洞
Extreme Networks Fabric Engine is a virtualized network fabric engine from Extreme. A security vulnerability exists in Extreme Networks Fabric Engine versions prior to 9.3 that stems from unvalidated ISIS authentication settings and could lead to unauthorized access to network fabric and...
PT-2025-41159
Name of the Vulnerable Software and Affected Versions Extreme Networks Fabric Engine VOSS versions prior to 9.3 Description A flaw exists in Extreme Networks’ Fabric Engine VOSS where, when SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validatin...
EUVD-2022-53181
Malicious code in bioql PyPI...
EUVD-2025-27284
Malicious code in bioql PyPI...
EUVD-2025-27283
Malicious code in bioql PyPI...
CVE-2025-55141
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...
CVE-2025-55142
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...
CVE-2025-55141
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...
CVE-2025-55141
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...
CVE-2025-55142
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...