24 matches found

NVD
added 2026/06/12 4:17 a.m. · 10 views

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

9.8 CVSS · 0.00416 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2026/06/12 2:27 a.m. · 7 views

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

9.8 CVSS · 8.5 AI score · 0.00416 EPSS
Exploits: 1 · References: 1

Cvelist
added 2026/06/12 2:27 a.m. · 27 views

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

9.8 CVSS · 0.00416 EPSS
Exploits: 1 · References: 1

CVE
added 2026/06/12 2:27 a.m. · 57 views

CVE-2026-48611

CVE-2026-48611 describes improper authentication checks in an OAuth implementation that can allow account hijacking even when OAuth is not configured or enabled, leading to unauthorized access in default installations. The public records do not specify targeted products, versions, vendor names, o...

9.8 CVSS · 7.8 AI score · 0.00416 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2026/06/12 12:0 a.m. · 9 views

PT-2026-48826

Name of the Vulnerable Software and Affected Versions phpBB versions prior to 3.3.16 Description Improper authentication checks in the OAuth implementation allow remote unauthenticated account hijacking. This issue can lead to unauthorized access in default installations, even in cases where OAut...

9.8 CVSS · 8.5 AI score · 0.00416 EPSS
Exploits: 1 · References: 10

NVD
added 2026/05/27 8:16 p.m. · 12 views

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

9.8 CVSS · 0.00314 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/14 12:18 a.m. · 5 views

CVE-2025-55462

A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticat...

6.5 CVSS · 6.6 AI score · 0.0037 EPSS
Exploits: 1 · References: 1

NVD
added 2025/12/22 3:16 p.m. · 4 views

CVE-2025-67826

An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit...

7.7 CVSS · 0.0013 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/12/22 12:0 a.m. · 24 views

CVE-2025-67826

An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit...

0.0013 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-49970

Malicious code in bioql PyPI...

9 CVSS · 7.4 AI score · 0.00682 EPSS
Exploits: 1 · References: 1

UbuntuCve
added 2025/06/17 10:0 a.m. · 4 views

CVE-2025-6020

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...

7.8 CVSS · 7 AI score · 0.0039 EPSS
Exploits: 0 · References: 3

OSV
added 2024/05/22 9:30 p.m. · 5 views

GHSA-WX24-VQRG-M6M5 VuFind Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...

9.1 CVSS · 9.5 AI score · 0.00681 EPSS
Exploits: 0 · References: 4

CVE
added 2024/05/22 6:56 p.m. · 97 views

CVE-2024-25738

Vulnerability summary: Open Library Foundation VuFind versions 2.0–9.1 before 9.1.1 have a Server-Side Request Forgery (SSRF) in the /Upgrade/FixConfig route. The issue lets a remote attacker overwrite local configuration files and could lead to Remote Code Execution, enabled when allow_url_incl...

9.1 CVSS · 7.4 AI score · 0.00681 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/06/21 12:0 a.m. · 3 views

PT-2023-4089 · Pam Krb5 +2

Name of the Vulnerable Software and Affected Versions: pam krb5 affected versions not specified Description: The issue is related to the incorrect implementation of the authentication algorithm in the pam krb5 module. This allows an attacker to gain unauthorized access to the system by controllin...

10 CVSS · 9.4 AI score · 0.0089 EPSS
Exploits: 0 · References: 18

0day.today
added 2022/04/07 12:0 a.m. · 273 views

Moodle Pre-Auth Remote Code Execution 0day Exploit

The exploit allows remote code execution, works with default installations and should not require any authentication or user interaction. 0day exploit affecting recent versions of Moodle...

5.8 AI score
Exploits: 0

0day.today
added 2022/02/09 12:0 a.m. · 1564 views

WordPress 5.9.0 core Remote Code Execution 0day Exploit

This Python exploit allows remote code execution, works with default installations and should not require any authentication or user interaction...

3.8 AI score
Exploits: 0

Positive Technologies
added 2019/05/20 12:0 a.m. · 5 views

PT-2019-17017 · Ibm · Ibm Storwize V7000 Unified

Name of the Vulnerable Software and Affected Versions: IBM Storwize V7000 Unified 2073 version 1.6 Description: The issue allows an attacker to reveal the server version in a default installation, which could be used in further attacks against the system. Recommendations: For IBM Storwize V7000...

5.3 CVSS · 5 AI score · 0.01759 EPSS
Exploits: 0 · References: 4

0day.today
added 2018/10/25 12:0 a.m. · 73 views

WebEx Local Service Permissions Code Execution Exploit

This Metasploit module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...

7.9 AI score · 0.1602 EPSS
Exploits: 14

Exploit DB
added 2018/10/25 12:0 a.m. · 24 views

WebEx - Local Service Permissions Exploit (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebEx Local Service Permissions Exploit', 'Description' = %q This module exploits a flaw in the 'webexservice' Windows service, which runs as...

7.8 CVSS · 8 AI score · 0.1602 EPSS
Exploits: 14

Metasploit
added 2018/10/23 8:51 p.m. · 24 views

WebEx Local Service Permissions Exploit

This module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...

7.8 CVSS · 7.2 AI score · 0.1602 EPSS
Exploits: 14