Shopper: Multiple data integrity and disclosure issues in admin Livewire components
Impact: Three related defects on admin Livewire components allowed data tampering, sensitive data disclosure, and stored XSS:
- IDOR via unlocked properties. Several Livewire components in the admin panel exposed Eloquent model identifiers as public properties without the Locked attribute. An...
EUVD-2026-21103
OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized...
Langflow is Missing Ownership Verification in API Key Deletion (IDOR)
Detection Method: Kolega.dev Deep Code Scan

| Attribute | Value |
|---|---|
| Location | src/backend/base/langflow/api/v1/apikey.py:44-53 |
| Practical Exploitability | High |
| Developer Approver | [email protected] |

Description: The deleteapikeyroute endpoint accepts an apikeyid path parameter a...
CVE-2026-30927 Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the user_uuid GET parameter. The condition uses || (OR), meaning if...
EUVD-2013-0016
Malware in sbrugna...
EUVD-2023-40679
Malicious code in bioql PyPI...
EUVD-2022-2897
Malicious code in bioql PyPI...
EUVD-2024-3574
Malicious code in bioql PyPI...
CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability
...
CVE-2024-11286 WP JobHunt <= 7.1 - Authentication Bypass
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the csparserequest function. This makes it possible for unauthenticated...
aad-fastapi-dl37 (>=1.0.0 <=1.0.2), affinda (>=0.1.12 <=1.2.0) +104 more potentially affected by CVE-2024-35255 via azure-identity (>=1.0.1 <=1.16.0)
azure-identity PYPI version =1.0.1, =1.0.0, =0.1.12, =0.0.2, =1.1.89, =0.1.0b1, =0.21.2111.177147b1, =0.1.5, =1.0.0, =1.37.0, =1.0.0.124727, =0.0.7, =0.7.16, =0.6.23, =0.16.0, =0.0.8, =0.0.34 and more Source cves: CVE-2024-35255 Source advisory: OSV:GHSA-M5VV-6R4H-3VJ9...
CVE-2024-21319 Microsoft Identity Denial of service vulnerability
...
CVE-2014-0204
OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...
CVE-2014-3476
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...
CVE-2013-2014
OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests...
Sun Identity Manager shell characters vulnerability
Shell characters vulnerability via password...
CVE-2004-2696
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in a...
CVE-2004-0124
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."...
CVE-2004-0124
CVE-2004-0124 describes an information disclosure flaw in how Microsoft Windows COM object identifiers are created, enabling an attacker to coax a system into opening network ports via specially crafted RPC messages. This is part of MS04-012 RPC/DCOM updates; the impact is described as enabling a...