PT-2026-1959

Name of the Vulnerable Software and Affected Versions Asseco InfoMedica versions prior to 4.50.1 Asseco InfoMedica versions prior to 5.38.0 Description Asseco InfoMedica stores user passwords in an encoded format within a database. An attacker with access to these encoded passwords can decode the...

PT-2026-2172

Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.1.0 Description An authenticated attacker can modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. The issue...

PT-2026-3410

Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLE NAME. This is not a regressio...

PT-2026-1827

Name of the Vulnerable Software and Affected Versions edu Business Solutions Print Shop Pro WebDesk version 18.34 Description A flaw exists in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice API endpoint that allows a remote attacker to create financial discrepancies. This is possible by purchasi...

CVE-2025-61546

CVE-2025-61546 affects edu Business Solutions Print Shop Pro WebDesk 18.34. The issue is in the GetUnitPrice API at /PSP/appNET/Store/CartV12.aspx, caused by reliance on client-side input validation, allowing a remote attacker to create financial discrepancies by purchasing items with a negative ...

CVE-2019-12421

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...

PT-2026-1687

A critical Arbitrary File Read vulnerability CVE-2023-50024 has been discovered in the jsPDF library, a popular JavaScript library for client-side PDF generation. Adobe CyberSecNews CyberSecurityAwareness DataSecurity Spyware...

CVE-2020-36923 Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...

PT-2026-1456

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...

Apache Kyuubi 安全漏洞

Apache Kyuubi is a distributed SQL gateway from the Apache Foundation. Apache Kyuubi suffers from a directory traversal vulnerability that originates from a client-side bypass of server-side configuration, which can be exploited by an attacker to cause access to unauthorized local files...

CVE-2025-64119 Nuvation Energy BMS Client-side Authentication

A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...

CVE-2025-64119

CVE-2025-64119 : A vulnerability in the Nuvation Battery Management System allows authentication bypass, affecting BMS versions up to 2.3.9. The entry is supported by other sources (Red Hat/EUVD) with the same description. The CVSSv4 metrics indicate critical impact (base score 9.3) across confid...

CVE-2025-62750 WordPress WooCommerce Parcelas plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Filipe Seabra WooCommerce Parcelas woocommerce-parcelas allows DOM-Based XSS.This issue affects WooCommerce Parcelas: from n/a through = 1.3.5...

ASLR-bypass-simulation

ASLR Bypass Simulator An interactive educational web applicat...

CVE-2025-66103

CVE-2025-66103 corresponds to a vulnerability in WPCal.io (as reported by Wordfence) affecting version up to 0.9.5.9, described as an Authenticated (Contributor+) Stored Cross-Site Scripting via the events_list_grouped shortcode and patched. The initial description also mentions a DOM-based XSS i...

[SECURITY] [DLA 4428-1] mediawiki security update

Debian LTS Advisory DLA-4428-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 30, 2025 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.35.13-1+deb11u6 CVE ID : CVE-2025-67475 CVE-2025-67478 CVE-2025-67479 CVE-2025-67480 CVE-2025-67481...

Exploit for Improper Certificate Validation in Apache Http_Server

Uefiscdi-Gov-Ro-Vulnerability- UNTESTED PAYLOADS, WAF-BYPASS,...

CVE-2025-14687

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

PT-2025-135: Local File Read in mPDF

The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research Date of vulnerability discovery: 11.04.2025...

CVE-2025-14687

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...