32 matches found
BIT-TOMCAT-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
BIT-NATS-2026-33217 NATS allows MQTT clients to bypass ACL checks
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the $MQTT. namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...
EUVD-2001-1445
Malware in sbrugna...
EUVD-2016-5576
Malware in sbrugna...
EUVD-2023-43757
Malicious code in bioql PyPI...
EUVD-2024-37025
Malicious code in bioql PyPI...
EUVD-2025-9314
Malicious code in bioql PyPI...
CVE-2024-52928
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites with previously granted permissions to add new permissions when the user clicks anywhere on the website...
PT-2025-27003 · Arc · Arc
Name of the Vulnerable Software and Affected Versions: Arc versions prior to 1.26.1 Description: The issue allows websites with previously granted permissions to add new permissions when the user clicks anywhere on the website, due to a bypass problem in the site settings. Recommendations: For...
CVE-2025-27672
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass (OVE-20230524-0016)...
CVE-2021-41527
An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn't been completed...
CVE-2022-23553
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds...
WordPress WPS Hide Login Login Page Revealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WPS Hide Login Login Page Revealer', 'Description' = %q This module exploits a bypass issue with WPS Hide Login version 'WPVDB',...
CVE-2024-42850
Silverpeas contains a vulnerability in the password-change flow (affecting v6.4.2 and earlier) that allows bypassing password complexity requirements. This is described across multiple sources (CVE-2024-42850, Red Hat/CVE, GHSA advisory, OSV) as a critical issue. Impact: bypass of password rules ...
CVE-2024-23263
A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being...
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This...
K000135921: Python urllib.parse vulnerability CVE-2023-24329
Security Advisory Description: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters (CVE-2023-24329). Impact: F5 products do not ship with Python scripts that utilize the affected Python...
CVE-2023-30851 Potential HTTP policy bypass when using header rules in Cilium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be...
CVE-2022-41874 Tauri Filesystem Scope can be Partially Bypassed
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...
PT-2022-21763 · Cybozu · Cybozu Office
Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.5 Description: A browse restriction bypass issue in the Address Book of Cybozu Office allows a remote authenticated attacker to obtain Address Book data via unspecified vectors. Recommendations: For...