25 matches found
CVE-2026-47123
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...
CVE-2026-4286
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...
EUVD-2026-8789
ZITADEL's truncated opaque tokens are still valid...
CVE-2026-28230 In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction)
SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...
EUVD-2013-6225
Malware in sbrugna...
EUVD-2007-2183
Malware in sbrugna...
EUVD-2022-27215
Malicious code in bioql PyPI...
EUVD-2022-37165
Malicious code in bioql PyPI...
EUVD-2022-0095
Malicious code in bioql PyPI...
Child predators are lurking on dating apps, warns report
Using a dating app? Beware of your potential partner's motives. A report from Edinburgh University warns that child abusers are using these apps to find single parents with vulnerable children. The Searchlight 2025 report, from the University's Childlight Global Child Safety Institute, analyses t...
CVE-2022-22061
Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...
SUSE CVE-2005-2173
The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via processbug.cgi...
DeFi Startup AllianceBlock Debuts Trustless ID Verification Service For Dapps
By Waqas. The new service is meant to solve the problem of trustlessly sharing identity data. This is a post from HackRead.com. Read the original post: DeFi Startup AllianceBlock Debuts Trustless ID Verification Service For Dapps...
Design/Logic Flaw
Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...
PT-2022-15211 · Qualcomm · Snapdragon Connectivity +2
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to out of bounds writing while verifying device IDs due to an improper length check before copying the data. This affects Snapdragon Compute, Snapdragon...
Watch out! Tinder and Grindr users targeted by cruel scammers using real abuse photos
A horrible catfishing scam is using real abuse photos in order to lure in unsuspecting victims on sites like Tinder and Grindr. Recently unearthed by Bleeping Computer, it works like this: Boy meets good-looking girl on dating site. The longer they talk, boy notices the conversation turning into ...
GHSA-86CV-9GPX-6HWJ Openstack Aodh can be used to launder Keystone trusts
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...
dnslib security vulnerability
dnslib is an open source Python library for encoding/decoding DNS wired format packets. A security vulnerability exists in dnslib that stems from the fact that the dnslib package does not verify that the ID value in a DNS reply matches the ID value in a query...
Twitter says it out loud: Removing anonymity will not stop online abuse
An investigation by Twitter into racist tweets levied against three Black players on the English football team following the national hopefuls’ loss against Italy last month revealed that anonymity played almost no role in whether users posted abusive comments from their accounts. The analysis,...
CVE-2017-17149
Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successf...