CVE-2026-33667 OpenProject: 2FA OTP Verification Missing Rate Limiting
OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirmotp action of the twofactorauthentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing bruteforceblockafterfailedlogins setting...
EUVD-2019-14247
Malware in sbrugna...
CVE-2024-47768
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...
CVE-2024-12776
In langgenius/dify v0.10.1, the /forgot-password/resets endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application...
CVE-2024-48288
TP-Link TL-IPC42C V4.0202112271.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend...
Lif Authentication Server Authorization Issue Vulnerability
Lif Authentication Server is a Lif Platforms open source server for authenticating Lif account logins, administrative information, and account recovery. An authorization issue vulnerability exists in Lif Authentication Server version 1.7.2 and prior versions that stems from a failure to check to...
SUSE-SU-2024:0804-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS 8317547 bsc1218911. - CVE-2024-20921: Fixed range check loop optimization issue 8314307 bsc1218905. - CVE-2024-20926: Fixed arbitrary Java code executio...
Misuse of a Boolean constant
Lines of code Vulnerability details Impact Use of Boolean constants true/false in code is indicative of flawed logic. Boolean constants in code have only a few legitimate uses. Other uses in complex expressions, as conditionals indicate either an error or, most likely, the persistence of faulty...
Stack overflow
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code...
Injecting a Backdoor into SolarWinds Orion
Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticles malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors...
transcoject.com Improper Access Control vulnerability OBB-1224075
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2019-4640
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046...
CVE-2017-1405
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392...
Path traversal
Vulnerability in avataruploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path...
CVE-2017-1267
IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742...
CVE-2016-3016
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code...
CVE-2016-3016
CVE-2016-3016 affects IBM Security Access Manager for Web (and related appliances) where code origin/integrity is not sufficiently verified before processing patches, backups or updates. This could allow an authenticated attacker to load malicious code. Affected products include IBM Security Acce...
Stud.IP <= 1.3.0-2 Multiple Remote File Include Vulnerabilities
No description provided by source. /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and...
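A design flaw in ecshop can be exploited a second time
Brief description: A design flaw in ecshop allows it to be exploited a second time. About administrator passwords. Details: The premise of this article is that the MD5 of the administrator password has already been obtained! Starting from some version, I don't know which, the way ec encrypts the administrator password changed somewhat: $ecsalt=rand1,9999; md5md5$pwd.$ecsalt; For the folks who got the md5 through injection, that is a lot of pressure! Brute-forcing is hopeless. However, the password recovery in the ec admin backend gives everyone hope. This bug is very obvious and may already have been exploited for a long time. See the code below, admin/getpassword.php line 138 / Verify the new password, update the administrator password / elseif !empty$POST'action' && $POST'actio...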
Struts2 and Webwork remote command execution vulnerability analysis-vulnerability warning-the black bar safety net
The vulnerability discovered by the publisher of the POC, and can not affect the xwork 2.1.2 prior to some version this version before some of the versions below will be collectively referred to as the old version, then called the new version, such as struts 2.0.14 that is, the struts patch A N...