498 matches found
CVE-2026-10552
The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...
CVE-2026-10552
The CVE-2026-10552 entry concerns the WordPress plugin Blue Captcha (versions up to 2.0.1). It documents a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation on the main admin page (blcap_main_page) and on Hall of Shame and Log subpages. These pages accept a bl...
CVE-2026-47203
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...
CVE-2026-47203
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...
CVE-2026-47203
CVE-2026-47203 (Authelia) affects Authelia 4.38.0–4.39.19 where using Basic Auth on the authz verification endpoint exposes a bug: the username extracted from the Authorization header is passed to the ban/attempt regulation as-is, while LDAP binds are case-insensitive but regulation SQL lookups c...
Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban
Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse by adversaries. Reuters reports that Anthropic said it will "abruptly disable" its most advanced AI models for all users after the US government ordered it to suspend access...
CVE-2026-47197
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
CVE-2026-47197
CVE-2026-47197 concerns the Quest Bot for Discord. Before version 1.1.6, a moderator who has the relevant Discord permission can use the bot to moderate users who are higher in the Discord role hierarchy, provided the bot itself outranks the target. This bypasses Discord’s normal role hierarchy p...
Malicious code in discord-massban (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1b535ff4283b14cd5d93b2e31a997d1c8abd7424e2aa48a993c19e5e7f6b2b3b Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in discord-ban (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4e19806a65bf83b5648eb280baedca899972d98e8c3f921080390458e8394413 Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-5091 Malicious code in discord-ban (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4e19806a65bf83b5648eb280baedca899972d98e8c3f921080390458e8394413 Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
GHSA-HJJ4-HFJM-FMRJ Authelia Missing Username Canonicalization in Basic Auth (LDAP)
Impact CVSSv4 Baseline Score: Moderate 6.3 CVSSv4 Weighted Score: Low 2.9 The full CVSSv4 Vector for this vulnerability is:...
PT-2026-45030
Name of the Vulnerable Software and Affected Versions Authelia versions 4.38.0 through 4.39.19 Description When using the LDAP authentication backend, the authz verification endpoint fails to canonicalize usernames provided via Basic Auth in the Authorization header. Because LDAP treats usernames...
Linux Distros Unpatched Vulnerability : CVE-2026-48692
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with...
CVE-2026-48690
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...
UBUNTU-CVE-2026-48690
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...
CVE-2026-48690
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...
CVE-2026-48692
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...