34 matches found
WSO2 Identity Server Resource Management Error Vulnerability
WSO2 Identity Server is an identity authentication server developed by the American company WSO2. There is a resource management vulnerability in WSO2 Identity Server. This vulnerability arises from accepting multiple invalid authentication requests without proper rate limiting or resource contro...
CVE-2026-1490 Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
MiracleLinux 3 : postfix-2.3.3-2.11.0.1.AXS3 (AXSA:2011-221:03)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-221:03 advisory. Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS. Security issues fixed with this release: CVE-2011-1720: The SMTP server in Postfix...
EUVD-2012-5232
Malware in sbrugna...
EUVD-2014-2595
Malware in sbrugna...
EUVD-2017-2806
Malware in sbrugna...
EUVD-2009-5095
Malware in sbrugna...
EUVD-2023-54341
Malicious code in bioql PyPI...
EUVD-2025-24834
Malicious code in bioql PyPI...
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...
ESPEC North America Web Controller 3 Security Vulnerability
ESPEC North America Web Controller 3 is a laboratory equipment monitoring software from ESPEC North America. A security vulnerability exists in ESPEC North America Web Controller 3 versions prior to 3.3.4, which stems from an invalid authentication request resulting in a JWT key disclosure that...
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...
CVE-2025-27845
CVE-2025-27845 affects ESPEC North America Web Controller, versions prior to 3.3.4. An invalid authentication request to /api/v4/auth/ exposes the JWT secret, permitting elevated permissions to the UI. The CVSSv3.1 base score is 9.8 (CRITICAL). Remediation: upgrade to 3.3.4 or later (per PT-2025-...
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...
CVE-2023-22620
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...
OESA-2024-2049 booth security update
Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in Pacemaker. Security Fixes: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is...
OESA-2024-2050 booth security update
Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in Pacemaker. Security Fixes: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is...
AZL-42530 CVE-2024-3049 affecting package booth 1.0-8
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...
booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...
booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...