CVE-2026-9047
Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects: Devolutions...
Improper Check for Certificate Revocation
Overview Affected versions of this package are vulnerable to Improper Check for Certificate Revocation in the SignatureKey verification process. An attacker can bypass revocation enforcement by presenting a certificate with a revoked SignatureKey, potentially allowing unauthorized access or trust...
CVE-2026-44260
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfinder checkRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...
PT-2026-40446
Name of the Vulnerable Software and Affected Versions efw4.X versions prior to 4.08.010 Description The readonly flag in the '' JSP tag is intended to prevent file modifications. When protected=true, the elfinder checkRisk function ensures the client sends readonly=true to match the session value...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the requireSignedTags process. An attacker can bypass signature verification by creating an unsigned annotated tag, which would be incorrectly accepted as valid. Remediation A fix was...
CVE-2026-6966 Signature Threshold Bypass in awslabs/tough Delegated Roles
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...
CVE-2026-21003
Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...
LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
Summary The isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go is missing raw.apparmor and raw.qemu.conf from its hardcoded forbidden list. A user with can_edit permission on a VM instance in a restricted project can combine these two omissions to bridge the LXD unix socket...
CVE-2026-32144
Improper Certificate Validation vulnerability in the Erlang OTP public_key pubkey_ocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the request handling flow inside the Docker daemon. An attacker can bypass authorization checks by sending specially-crafted requests that cause the authorization plugin to receive the request without its body...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2026-16601)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security bypass vulnerability caused by an error in the CSS parsing and calculation component. An attacker can exploit the vulnerability to bypass security restrictions...
CVE-2026-25604 Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass
In AWS Auth Manager, the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL. This allowed an attacker to gain access to different instances with potentially different access controls by reusing a SAML response from another instance. You...
CVE-2026-26205
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
GHSA-2Q7R-29RG-6M5H fastify-reply-from affected by bypass of reply forwarding
Summary By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. Details An attacker can bypass the route defined by the @fastify/reply-from package by adding a .. symbol, which, for curl...
CVE-2025-62584
CVE-2025-62584 affects Naver Whale Browser prior to version 4.33.325.17 and describes a bypass of the Same-Origin Policy in a dual-tab environment. The available connected documents consistently state that the issue enables an attacker to bypass SOP between tabs, but they do not provide concrete ...
Microsoft Windows Remote Desktop Services Authorization Issue Vulnerability
Microsoft Windows Remote Desktop Services is a collection of features from Microsoft Corporation USA that allow users to remotely access graphical desktops and Windows applications. An authorization issue vulnerability exists in Microsoft Windows Remote Desktop Services that stems from an...
EUVD-2003-1004
Malware in sbrugna...
EUVD-2009-2760
Malware in sbrugna...
EUVD-2012-3697
Malware in sbrugna...
EUVD-2013-0991
Malware in sbrugna...