11 matches found
CVE-2026-34931
Affected software: hoppscotch open source API development ecosystem. Root cause: open redirect via improper loopback redirect_uri validation in the device-login flow, leading to token exfiltration. Impact: attacker could sign in as the victim using stolen tokens. Remediation: fixed in version 202...
CVE-2026-34931 hoppscotch: Improper loopback redirect_uri validation in device-login flow
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to take over their account. This issue has been patched in version 2026.3.0...
CVE-2026-33132
ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organization context during authentication using scopes urn:zitadel:iam:org:id:...
PT-2026-26037
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when an unauthenticated attacker sends an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...
EUVD-2025-31613
Malicious code in bioql PyPI...
GHSA-M93W-4FXV-R35V PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited, you must have both the OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor registers with the targeted user's email (it is unverified) - at some later point in time the targeted user stumbles on your app and decides to sign up with...
Design/Logic Flaw
Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other devices...
Qnap Systems QNAP HBS 3 Authorization Issues Vulnerability
QNAP HBS 3 is an application from QNAP Systems (China); it is a comprehensive data backup and disaster recovery solution. An authorization issue vulnerability exists in HBS 3 Hybrid Backup Sync that stems from a failure to perform adequate authorization checks. An attacker could use...
Weak Password Vulnerability in Network Device Logins at Ruijie Networks Co., Ltd.
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products and storage. A weak password vulnerability exists in the network equipment login of...
D-Link DGS-1210-28 Denial Of Service
Exploit Title: D-Link DGS-1210-28 Denial of Service
Date: 18 Sep 2020
Exploit Author: Saeed Reza Zamanian
Product: D-Link DGS-1210-28
Vendor Homepage: https://www.dlink.com/
Product Link: https://www.dlink.com/en/products/dgs-1210-28-28-port-gigabit-smart-managed-switch
Version: DGS-1210-28...
CVE-2017-14262
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter...