
11 matches found

NVD
added 2026/05/13 7:16 p.m. · 5 views

CVE-2026-0241

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

CVSS 7.2 · EPSS 0.00277
Exploits 0 · References 1

CNNVD
added 2026/03/13 12:00 a.m. · 4 views

Avantra Security Vulnerability

Avantra is an SAP software product developed by the Avantra company. Versions of Avantra prior to 25.3.0 contain security vulnerabilities. These vulnerabilities stem from the use of hardcoded credentials, which could allow access to functions that are not properly constrained by ACLs...

CVSS 7.2 · AI score 5.8 · EPSS 0.00207
Exploits 0 · References 1

Cvelist
added 2025/11/11 3:30 a.m. · 6 views

CVE-2025-11986 Crypto Tool <= 2.22 - Unauthenticated Information Exposure via Global Authentication State

The Crypto plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the register and savenft methods with only a...

CVSS 5.3 · EPSS 0.00324
Exploits 0 · References 5

Trellix
added 2024/08/26 12:00 a.m. · 25 views

The Bug Report - August 2024 Edition

By Jonathan Omakun · August 26, 2024. Why am I Here: August isn’t just about heat waves and summer getaways for the Northern Hemisphere; it’s also when things get serious for students and cybersecurity pros. As organizations prep for the end of the fiscal year,...

CVSS 9.8 · AI score 9.2 · EPSS 0.99987
Exploits 45

NVD
added 2020/08/28 3:15 p.m. · 13 views

CVE-2019-4579

IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236...

CVSS 4.3 · AI score 4.6 · EPSS 0.00736
Exploits 0 · References 2

Cvelist
added 2020/08/28 2:35 p.m. · 12 views

CVE-2019-4579

IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236...

CVSS 4.3 · AI score 4.6 · EPSS 0.00736
Exploits 0 · References 2

OSV
added 2020/05/06 2:15 p.m. · 26 views

CVE-2020-10693

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place...

CVSS 5.3 · AI score 6.4 · EPSS 0.02294
Exploits 0 · References 5

Prion
added 2020/05/06 2:15 p.m. · 19 views

Input validation

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place...

CVSS 5 · AI score 6.9 · EPSS 0.02294
Exploits 0 · References 5 · Affected Software 7

NVD
added 2020/01/28 7:15 p.m. · 19 views

CVE-2019-4637

IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043...

CVSS 4.3 · AI score 4.6 · EPSS 0.00736
Exploits 0 · References 2

Hacker One
added 2019/10/11 5:44 p.m. · 11 views

X (Formerly Twitter): [Bypass fixed #664038 and #519059] Application settings change settings that have been set by the user

I have reported this bug in report 681361 so that you would make a FULL fix, but you refused, considering it a duplicate, and I have to wait for report 664038 to be resolved; now I come again to report the bug. The settings for "protected tweets" that have been set from another application accidentally change...

AI score 6.9
Exploits 0

Rhino Security Labs
added 2019/02/19 11:00 a.m. · 63 views

Bypassing Email Security Controls (P1: URL Scanning)

The post Bypassing Email Security Controls P1: URL Scanning appeared first on Rhino Security Labs...

AI score 2.2
Exploits 0