
38 matches found

CVE
added 2026/03/25 10:25 a.m. · 13 views

CVE-2026-31788

The CVE-2026-31788 entry describes a vulnerability in the Linux kernel related to the Xen privcmd driver. The privcmd interface could allow a user-space process to issue hypercalls that affect other domains, which is normally restricted to root. In secure-boot scenarios, an unprivileged domU coul...

8.2 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 0 · References 14 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-16661

Malicious code in bioql PyPI...

6.5 CVSS · 5.1 AI score · 0.00037 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 10 views

EUVD-2023-23489

Malicious code in bioql PyPI...

4.3 CVSS · 4.7 AI score · 0.00109 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 9:31 a.m. · 4 views

CVE-2024-0879

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

6.5 CVSS · 6.9 AI score · 0.00037 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 9:12 p.m. · 5 views

CVE-2005-2524

Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site...

5 CVSS · 6.5 AI score · 0.00396 EPSS
Exploits 0 · References 1

OSV
added 2025/05/05 6:25 p.m. · 3 views

GHSA-X39X-9QW5-GHRF Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL

Summary: During a manual source code review, ARIMLABS.AI researchers identified that the browseruse module includes an embedded whitelist functionality to restrict URLs that can be visited. This restriction is enforced during agent initialization. However, it was discovered that these measures can...

9.3 CVSS · 7.1 AI score · 0.00267 EPSS
Exploits 0 · References 5

CVE
added 2024/07/30 2:33 p.m. · 58 views

CVE-2024-39320

CVE-2024-39320 affects Discourse. According to the connected Red Hat and OSV entries, the vulnerability allows an attacker to inject iframes from any domain by bypassing the allowed_iframes setting. The issue is fixed in Discourse versions 3.2.5 and 3.3.0.beta5. The available sources confirm the ...

6.1 CVSS · 6.1 AI score · 0.0087 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/04/25 11:2 a.m. · 20 views

CVE-2024-1347 Authentication Bypass by Spoofing in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restriction...

4.3 CVSS · 4.7 AI score · 0.00018 EPSS
Exploits 0 · References 5

CVE
added 2024/03/20 8:36 p.m. · 348 views

CVE-2024-29033

CVE-2024-29033 concerns GoogleOAuthenticator.hosted_domain in OAuthenticator for JupyterHub. The root issue is that prior to version 16.3.0 the restriction was applied to Google accounts by email domain rather than guaranteed membership in a Google organization/workspace, allowing accounts create...

9.1 CVSS · 7.4 AI score · 0.00276 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/03/20 12:0 a.m. · 3 views

PT-2024-22686

Name of the Vulnerable Software and Affected Versions: oauthenticator versions prior to 16.3.0 Description: The issue is related to the GoogleOAuthenticator.hosted_domain parameter, which is intended to restrict access to Google accounts that are part of one or more Google organizations verified to...

9.1 CVSS · 7.4 AI score · 0.00276 EPSS
Exploits 0 · References 13

OSV
added 2024/03/06 11:23 a.m. · 22 views

BIT-GITLAB-2020-13275

A user with an unverified email address could request access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1...

8.1 CVSS · 7.7 AI score · 0.00145 EPSS
Exploits 0 · References 4

NVD
added 2024/01/25 3:15 p.m. · 12 views

CVE-2024-0879

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

6.5 CVSS · 6.4 AI score · 0.00037 EPSS
Exploits 0 · References 2

OSV
added 2024/01/25 3:15 p.m. · 2 views

CVE-2024-0879

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

4.3 CVSS · 5.8 AI score · 0.00037 EPSS
Exploits 0 · References 2

Prion
added 2024/01/25 3:15 p.m. · 15 views

Authentication flaw

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

4 CVSS · 7.1 AI score · 0.00037 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/01/25 2:41 p.m. · 2 views

CVE-2024-0879 Authentication bypass in vector-admin domain restriction

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

6.5 CVSS · 7 AI score · 0.00037 EPSS
Exploits 0 · References 2

Cvelist
added 2024/01/25 2:41 p.m. · 16 views

CVE-2024-0879 Authentication bypass in vector-admin domain restriction

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address...

6.5 CVSS · 6.6 AI score · 0.00037 EPSS
Exploits 0 · References 2

CVE
added 2024/01/25 2:41 p.m. · 33 views

CVE-2024-0879

CVE-2024-0879 describes an authentication bypass in vector-admin where a user can register to a vector-admin server while domain restriction is active, even without owning an authorized email address. The vulnerability affects vector-admin’s authentication flow and is documented across multiple s...

6.5 CVSS · 4.6 AI score · 0.00037 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/01/25 12:0 a.m. · 3 views

VectorAdmin Authorization Issues Vulnerability

VectorAdmin is a generalized suite of tools for vector database administration. VectorAdmin suffers from an authorization issue vulnerability that stems from the inclusion of an authentication bypass in vector-admin that allows a user to register to vector-admin while domain restriction is active...

6.5 CVSS · 6.9 AI score · 0.00037 EPSS
Exploits 0 · References 3

Prion
added 2023/02/23 4:15 p.m. · 15 views

Design/Logic Flaw

Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets...

7.5 CVSS · 9.3 AI score · 0.00232 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2022/11/02 12:0 a.m. · 1 views

PT-2022-25140 · Fortinet · Fortimail

Name of the Vulnerable Software and Affected Versions: FortiMail versions 6.0 through 7.2.0 Description: The issue allows an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references (IDOR). This is due to an imprope...

6.5 CVSS · 6.2 AI score · 0.00187 EPSS
Exploits 0 · References 2