24 matches found
CVE-2026-34970
Summary: CVE-2026-34970 affects MantisBT, where versions 2.28.1 and earlier allow a bugnote author to view the Revisions page of a private issue after losing access to that issue. This undermines confidentiality by exposing private issue metadata on the Revisions page. Root cause (as described): ...
Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode
Summary Several API endpoints in authenticated mode have no authentication at all. They respond to completely unauthenticated requests with sensitive data or allow state-changing operations. No account, no session, no API key needed. Verified against the latest version. Discord: sagi03581 Steps t...
PT-2026-24363
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.14.24 through 3.19.3 Description An improper authorization issue was found in GitHub Enterprise Server. A user with read access to a repository and write access to a project could modify issue and pull reque...
CVE-2023-40425
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information...
EUVD-2019-4039
Malware in sbrugna...
EUVD-2021-1643
Malware in sbrugna...
EUVD-2008-4668
Malware in sbrugna...
EUVD-2021-6550
Malicious code in bioql PyPI...
CVE-2025-45731
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...
CVE-2025-7884
CVE-2025-7884 affects Eluktronics Control Center 5.23.51.41, specifically the REG File Handler. The underlying issue is insufficient verification of data authenticity, allowing a local-host attack. Public disclosure exists, and vendor response is noted as lacking. NVD reports a HIGH impact across...
CVE-2022-2146
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escape imported data before outputting it back in a page, and also lacks a CSRF check when performing that action, resulting in a Reflected Cross-Site Scripting...
CVE-2019-13267
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After i...
CVE-2024-46547
CVE-2024-46547 affects Wampserver (Romain Bourdon) versions 3.2.3 and 3.2.6. The issue arises from improper access-control validation on the PHP Info Page, allowing unauthorized users to access sensitive information. The documented impact is data leakage. No remediation details are provided in th...
BIT-GITEA-2021-28378
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
CVE-2023-31416 Elastic Cloud on Kubernetes (ECK) secret token configuration issue
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
GHSA-G95P-88P4-76CM Cross-site Scripting in Gitea
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
CVE-2021-28378
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
MantisBT Information Disclosure Vulnerability (CNVD-2021-00827)
MantisBT is a lightweight, free and open source, web-based defect tracking system. An information disclosure vulnerability exists in MantisBT versions prior to 2.24.4. The vulnerability stems from a failure to check access to bugrevisionviewpage.php correctly. An attacker can exploit the...