27 matches found

CNNVD · added 2026/06/09 12:00 a.m. · 8 views

Microsoft Windows Boot Manager security vulnerability

Microsoft Windows Boot Manager is a UEFI application provided by Microsoft Corporation, used to configure the boot environment. A security vulnerability exists in Microsoft Windows Boot Manager. Attackers can exploit it to bypass certain functions. The following products and...

CVSS 7.9 · AI score 5.3 · EPSS 0.00244 · Exploits 0 · References 2
ATTACKERKB · added 2026/05/11 4:08 p.m. · 3 views

CVE-2026-42349

Clerk JavaScript is the official JavaScript repository for Clerk authentication. The has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

CVSS 7.6 · AI score 5.8 · EPSS 0.00246 · Exploits 0 · References 2 · Affected Software 17
CNNVD · added 2026/04/14 12:00 a.m. · 7 views

Microsoft Windows Virtualization-Based Security Enclave access control error vulnerability

The Microsoft Windows Virtualization-Based Security Enclave is a software-based trusted execution environment within the host application address space provided by Microsoft. There is an access control vulnerability associated with the Microsoft Windows Virtualization-Based Security Enclave...

CVSS 4.4 · AI score 5.9 · EPSS 0.00288 · Exploits 0 · References 1
Cvelist · added 2026/04/07 6:43 a.m. · 24 views

CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

CVSS 8.8 · EPSS 0.00632 · Exploits 1 · References 6
Vulnrichment · added 2026/03/04 4:50 p.m. · 5 views

CVE-2026-28783 Craft has a Twig Function Blocklist Bypass

Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either ha...

CVSS 9.4 · AI score 6.1 · EPSS 0.00464 · Exploits 0 · References 2
EUVD · added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-0801

Malware in sbrugna...

CVSS 5.3 · AI score 5.4 · EPSS 0.00974 · Exploits 1 · References 4
EUVD · added 2025/10/07 12:30 a.m. · 4 views

EUVD-2017-18251

Malware in sbrugna...

CVSS 6.5 · AI score 6.6 · EPSS 0.01893 · Exploits 0 · References 2
EUVD · added 2025/10/07 12:30 a.m. · 4 views

EUVD-2015-1376

Malware in sbrugna...

CVSS 5 · AI score 9.3 · EPSS 0.01648 · Exploits 0 · References 16
RedhatCVE · added 2025/08/17 3:28 a.m. · 14 views

CVE-2025-8342

The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwpajaxregister function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to...

CVSS 8.1 · AI score 7.7 · EPSS 0.00598 · Exploits 0 · References 1
Github Security Blog · added 2025/08/14 3:30 p.m. · 9 views

Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions

A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...

CVSS 6.5 · AI score 7.7 · EPSS 0.00628 · Exploits 0 · References 4 · Affected Software 1
NVD · added 2025/07/07 3:15 a.m. · 4 views

CVE-2025-53168

Vulnerability of bypassing the process to start SA and use related functions on distributed cameras. Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness...

CVSS 5.7 · EPSS 0.00139 · Exploits 0 · References 1
RedhatCVE · added 2025/06/30 4:26 p.m. · 4 views

CVE-2023-28910

A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from a disabled abort flag, which eventually allows assertion functions to be bypassed. The vulnerability was originally discovered in a Skoda Superb III car with MIB3 infotainment unit OEM part number...

CVSS 8 · AI score 6.3 · EPSS 0.00345 · Exploits 0 · References 1
Positive Technologies · added 2024/10/10 12:00 a.m. · 3 views

PT-2024-32447 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0. Description: This issue relates to the bypass of directory traversal checks within the is_in_or_equal function. The function, intended to check if a file resides within a given directory, can be bypassed with...

CVSS 6.9 · AI score 7.3 · EPSS 0.00687 · Exploits 0 · References 12
NVD · added 2023/11/28 9:15 p.m. · 19 views

CVE-2023-48193

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to...

CVSS 9.8 · EPSS 0.01963 · Exploits 1 · References 5
Cvelist · added 2023/11/22 9:03 a.m. · 22 views

CVE-2023-5921 Function Bypass in Geodi

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...

CVSS 7.1 · AI score 7.2 · EPSS 0.00248 · Exploits 0 · References 2
CNNVD · added 2023/07/13 12:00 a.m. · 3 views

Desdev DedeCMS code issue vulnerability

Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Desdev (Zhuozhuo Network). The system provides content publishing, content management, content editing and content retrieval functions. A code issue vulnerability exists in...

CVSS 9.8 · AI score 8.4 · EPSS 0.01042 · Exploits 1 · References 2
Code423n4 · added 2022/09/25 12:00 a.m. · 4 views

[H1] Owner of frxETHMinter can rug pull the contract

Lines of code. Vulnerability details. Impact: The owner of the contract is able to leave with all the tokens and ETH of the contract, which means the protocol is not trustless. PoC: You have implemented a function recoverEther(uint256 amount) external onlyByOwnGov { (bool success, ) = address(owner).call{value:...

AI score 6.8 · Exploits 0
RedhatCVE · added 2022/09/09 9:13 a.m. · 25 views

CVE-2022-36085

A flaw was found in open-policy-agent. The Rego compiler provides a deprecated WithUnsafeBuiltins function, allowing users to provide a set of built-in functions that should be deemed unsafe and rejected by the compiler if encountered in the policy compilation stage. A bypass of this protection c...

CVSS 9.8 · AI score 4.6 · EPSS 0.01224 · Exploits 1 · References 4
NVD · added 2020/09/30 6:15 p.m. · 12 views

CVE-2020-21525

Halo v1.1.3 is affected by arbitrary file reading. In an interface that reads files in Halo v1.1.3, a directory traversal check is performed on the input path parameter, but the check relies on a startsWith comparison, which can be bypassed...

CVSS 7.5 · EPSS 0.01894 · Exploits 1 · References 1
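The Halo entry above and the Gradio is_in_or_equal entry (PT-2024-32447) describe the same bug pattern: a "is this file inside the allowed directory?" check implemented as a plain string-prefix test on the raw path. The following is an added example, not code from Halo, Gradio or any advisory on this page; the function names naive_is_in_or_equal and safe_is_in_or_equal, the uploads/private directory layout and the attacker inputs are all constructed here. It runs the weak check and a hardened one (canonicalise with realpath, then compare whole path components) against three classic bypasses: a ".." traversal, a sibling directory whose name merely starts with the base name, and a symlink planted inside the base that points outside it.

```python
import os
import tempfile


def naive_is_in_or_equal(path: str, base: str) -> bool:
    """Weak containment check: a bare string-prefix test on the raw path.

    Hypothetical reconstruction of the bug pattern (prefix test with no
    canonicalisation); not the Gradio or Halo source."""
    return path.startswith(base)


def safe_is_in_or_equal(path: str, base: str) -> bool:
    """Hardened containment check.

    realpath() resolves symlinks and collapses '..' segments; commonpath()
    compares whole path components, so 'uploads_evil' is not accepted as
    being under 'uploads'."""
    real_base = os.path.realpath(base)
    real_path = os.path.realpath(path)
    try:
        return os.path.commonpath([real_base, real_path]) == real_base
    except ValueError:
        # Raised when the two paths cannot share any prefix at all
        # (e.g. different drives on Windows). Treat as outside.
        return False


def bypass_cases(base: str, outside: str) -> dict:
    """Constructed attacker inputs against a base directory.

    Returns {case_name: (naive_result, safe_result)} so the two checks can
    be compared side by side. `outside` is a directory that must never be
    reachable through `base`."""
    cases = {
        # legitimate file: both checks should accept
        "inside": os.path.join(base, "allowed.txt"),
        # '..' traversal: the prefix test passes because the string still
        # begins with `base`
        "dotdot": os.path.join(base, "..", os.path.basename(outside), "secret.txt"),
        # sibling directory whose name merely starts with the base name
        "sibling_prefix": base + "_evil/secret.txt",
    }
    # symlink inside base pointing outside; skipped if the platform refuses
    link = os.path.join(base, "escape")
    try:
        os.symlink(outside, link)
        cases["symlink"] = os.path.join(link, "secret.txt")
    except (OSError, NotImplementedError):
        pass
    return {name: (naive_is_in_or_equal(p, base), safe_is_in_or_equal(p, base))
            for name, p in cases.items()}


def demo() -> dict:
    """Create a throwaway uploads/private/uploads_evil layout and run the cases."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "uploads")
    outside = os.path.join(root, "private")
    os.makedirs(base)
    os.makedirs(outside)
    os.makedirs(base + "_evil")
    return bypass_cases(base, outside)


if __name__ == "__main__":
    for name, (naive, safe) in demo().items():
        print(f"{name:15} naive={naive!s:5} safe={safe}")
```

The naive check accepts all four inputs; the hardened check accepts only the legitimate one. Two details matter in practice: the comparison must be done on the canonicalised path of the requested file, not on the user-supplied string, and it must be component-wise rather than character-wise, otherwise the base name itself becomes a usable prefix for an attacker.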
BDU FSTEC · added 2019/10/24 12:00 a.m. · 3 views

The vulnerability of the NTLMv2 network protocol implementation in Windows operating systems allows a hacker to carry out a “man-in-the-middle” type attack.

The vulnerability in the NTLMv2 network protocol implementation in Windows operating systems relates to the bypassing of security functions. Exploiting this vulnerability allows a malicious actor to carry out a "man-in-the-middle" attack by sending LMv2 responses...

CVSS 5.9 · AI score 5.4 · EPSS 0.03319 · Exploits 0 · References 2