15 matches found

CVE (added 2025/10/22 1:13 p.m., 9 views)

CVE-2025-11750

CVE-2025-11750 affects langgenius/dify-web version 1.6.0. Multiple connected sources confirm an authentication flaw where login/registration error messages distinguish between non-existent vs. existing usernames or emails (e.g., “account not found”), enabling user enumeration. This can facilitate...

5.3 CVSS, 5.2 AI score, 0.00526 EPSS
Exploits: 1, References: 1, Affected Software: 1

EUVD (added 2025/10/03 8:7 p.m., 3 views)

EUVD-2025-25633

Malicious code in bioql PyPI...

8.1 CVSS, 6.4 AI score, 0.00196 EPSS
Exploits: 0, References: 2

RedhatCVE (added 2025/08/25 7:20 a.m., 4 views)

CVE-2025-5821

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...

9.8 CVSS, 6 AI score, 0.00439 EPSS
Exploits: 0, References: 1

NVD (added 2025/08/23 7:15 a.m., 5 views)

CVE-2025-5821

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...

9.8 CVSS, 0.00439 EPSS
Exploits: 0, References: 2

NVD (added 2025/08/23 7:15 a.m., 2 views)

CVE-2025-5060

The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebookajaxlogincallback. This makes it possible for...

8.1 CVSS, 0.00196 EPSS
Exploits: 0, References: 2

Vulnrichment (added 2025/08/23 6:43 a.m., 2 views)

CVE-2025-5060 Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover

The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebookajaxlogincallback. This makes it possible for...

8.1 CVSS, 5.9 AI score, 0.00196 EPSS
Exploits: 0, References: 2

CVE (added 2025/08/23 6:43 a.m., 21 views)

CVE-2025-5060

CVE-2025-5060 refers to the Bravis User plugin for WordPress (versions up to 1.0.0) with an authentication bypass. The issue arises from improper handling of login data verified via the facebook_ajax_login_callback(), enabling unauthenticated attackers to log in as administrator users if they hav...

8.1 CVSS, 5.9 AI score, 0.00196 EPSS
Exploits: 0, References: 2

CVE (added 2025/08/23 6:43 a.m., 41 views)

CVE-2025-5821

The CVE-2025-5821 case concerns the WordPress plugin Case Theme User (versions up to 1.0.3). The vulnerability is an Authentication Bypass caused by improper login handling in the facebook_ajax_login_callback() pathway, enabling unauthenticated attackers who have an existing site account and acce...

9.8 CVSS, 6 AI score, 0.00439 EPSS
In wild, Exploits: 0, References: 2

Positive Technologies (added 2025/08/23 12:0 a.m., 4 views)

PT-2025-34523

Name of the Vulnerable Software and Affected Versions: Case Theme User plugin for WordPress versions prior to 1.0.4. Description: The Case Theme User plugin for WordPress is susceptible to an authentication bypass. This issue stems from the plugin's failure to correctly log in a user with data...

9.8 CVSS, 6.5 AI score, 0.00439 EPSS
Exploits: 0, References: 15

NVD (added 2025/03/20 10:15 a.m., 2 views)

CVE-2024-10267

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all...

7.5 CVSS, 0.00387 EPSS
Exploits: 1, References: 1

Veracode (added 2022/01/05 9:58 a.m., 14 views)

Information Disclosure

livehelperchat is vulnerable to information disclosure. The vulnerability exists in forgotpasswordsent.tpl.php because the error message indicates the password reset email sent which allows an attacker to gain access to sensitive information of an existing account...

5.3 CVSS, 2.6 AI score, 0.0021 EPSS
Exploits: 1, References: 3, Affected Software: 1

Code423n4 (added 2021/11/09 12:0 a.m., 8 views)

setAdmin function use one-phase owner transfership instead of two-phases safer ownership transfer

Handle: mics. Vulnerability details: one-phase ownership transfer sometimes used wrong and the ownership is transferred to a not existing account. The safe way to use it is to suggest new owner and then the new owner should claim its ownership. InvestorDistribution line 212

6.9 AI score
Exploits: 0

Prion (added 2021/02/01 3:15 p.m., 22 views)

Code injection

Polr is an open source URL shortener. In Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

6.4 CVSS, 9 AI score, 0.1976 EPSS
Exploits: 3, References: 4, Affected Software: 1

Hacker One (added 2017/09/22 7:52 p.m., 150 views)

Shopify: Shopify admin authentication bypass using partners.shopify.com

@uzsunny reported that by creating two partner accounts sharing the same business email, it was possible to be granted "collaborator" access to any store without any merchant interaction. We tracked down the bug to incorrect logic in a piece of code that was meant to automatically convert an...

0.5 AI score
Exploits: 0

CNVD (added 2015/11/15 12:0 a.m., 4 views)

ZTE ZXHN H108N R1A Privilege Bypass Vulnerability

The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. A security vulnerability exists in ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE that allows remote attackers to authenticate using a pre-existing account and perform unauthorized operations by manipulating a paramete...

6.8 CVSS, 6.9 AI score, 0.14508 EPSS
Exploits: 4, References: 1