28 matches found

ATTACKERKB
added 2026/03/04 9:32 p.m. · 4 views

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVSS 6 · AI score 5.9 · EPSS 0.0026
Exploits: 1 · References: 2 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2001-0081

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.01386
Exploits: 0 · References: 5
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2013-1436

Malware in sbrugna...

CVSS 8.5 · AI score 6.4 · EPSS 0.01541
Exploits: 0 · References: 3
Tenable Nessus
added 2025/09/10 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2015-3863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and...

CVSS 9.3 · AI score 6.1 · EPSS 0.01283
Exploits: 0 · References: 2
Cvelist
added 2025/07/07 9:55 a.m. · 7 views

CVE-2025-3466 Unsanitized Input in langgenius/dify

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...

CVSS 9.8 · EPSS 0.00712
Exploits: 1 · References: 2
RedhatCVE
added 2025/05/23 1:6 a.m. · 13 views

CVE-2022-28218

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication (2FA)...

CVSS 5.5 · AI score 6.9 · EPSS 0.0024
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 1:45 p.m. · 6 views

CVE-2014-9593

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...

CVSS 5 · AI score 7 · EPSS 0.03184
Exploits: 0 · References: 1
NVD
added 2025/04/03 6:15 p.m. · 3 views

CVE-2025-31127

Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. Thi...

CVSS 5.3 · EPSS 0.00175
Exploits: 0 · References: 2
OSV
added 2025/03/31 7:31 p.m. · 11 views

CVE-2025-31123 Zitadel Expired JWT Keys Usable for Authorization Grants

Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to...

CVSS 8.7 · AI score 6.5 · EPSS 0.0036
Exploits: 0 · References: 13
RedhatCVE
added 2025/02/05 7:54 a.m. · 3 views

CVE-2024-29841

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOPEDITUSERGETKEYSFIELDS, allowing for an unauthenticated attacker to return the keys value of any user...

CVSS 7.5 · AI score 7.1 · EPSS 0.00498
Exploits: 0 · References: 1
RedHat Linux
added 2024/11/12 9:11 a.m. · 18 views

kernel: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

A vulnerability has been identified in the Linux kernel's Berkeley Packet Filter (BPF) subsystem. The flaw resides within the handling of PTR_TO_FLOW_KEYS (pointer to flow keys) in the check_flow_keys_access function. Specifically, while fixed offsets are validated for PTR_TO_FLOW_KEYS, the system currently...

CVSS 7.8 · AI score 6.6 · EPSS 0.00239
Exploits: 0 · References: 5
Vulnrichment
added 2024/05/08 6:0 a.m. · 17 views

CVE-2024-1076 SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server that...

AI score 6.1 · EPSS 0.00413
Exploits: 2 · References: 1
NVD
added 2024/05/07 10:15 a.m. · 17 views

CVE-2023-6810

The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the getsettings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to...

CVSS 4.3 · AI score 4.7 · EPSS 0.00367
Exploits: 0 · References: 2
WPVulnDB
added 2024/04/17 12:0 a.m. · 15 views

SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

Description: The plugin only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server that doesn't support .htaccess files, like NGINX. PoC: Install the plugin on a server that doesn't...

AI score 6.2 · EPSS 0.00413
Exploits: 2 · Affected Software: 1
BDU FSTEC
added 2024/02/02 12:0 a.m. · 5 views

The vulnerability of the RGWPostObj_ObjStore_S3::get_params() function (rgw_rest_s3.cc) in the RGW storage service of the Ceph system allows an attacker to circumvent security restrictions and upload arbitrary files.

The vulnerability of the RGWPostObj_ObjStore_S3::get_params() function (rgw_rest_s3.cc) in the RGW storage service of the Ceph system is related to deficiencies in access control when processing bucket keys. Exploiting this vulnerability allows an attacker to bypass security restrictions and upload...

CVSS 6.5 · AI score 6.9 · EPSS 0.02539
Exploits: 1 · References: 17 · Affected Software: 8
CNNVD
added 2023/08/15 12:0 a.m. · 3 views

Broadcom RAID Controller Security Vulnerability

Broadcom RAID Controller is a series of RAID controllers from Broadcom USA. A security vulnerability exists in the Broadcom RAID Controller, which stems from a security flaw in the web interface that allows any local user on Linux to access encryption keys, leading to the disclosure of sensitive...

CVSS 5.5 · AI score 6.2 · EPSS 0.00104
Exploits: 0 · References: 2
BDU FSTEC
added 2023/04/10 12:0 a.m. · 6 views

The vulnerability of the NGINX Agent and the NGINX Instance Manager automation platform, related to insufficient protection of registration data, allows a perpetrator to gain access to secret keys.

The vulnerability of the NGINX Agent and the NGINX Instance Manager automation platform is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain access to secret keys...

CVSS 5.5 · AI score 5.9 · EPSS 0.00218
Exploits: 0 · References: 2 · Affected Software: 2
The Hacker News
added 2023/03/21 6:55 a.m. · 3 views

Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw

Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload...

AI score 7.3
Exploits: 0
Positive Technologies
added 2022/09/07 12:0 a.m. · 7 views

PT-2022-23161 · Unknown · Rubygems.Org

Name of the Vulnerable Software and Affected Versions: RubyGems.org (affected versions not specified). Description: A bug in the password and email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. This could enable the attacker to...

CVSS 8.8 · AI score 8.6 · EPSS 0.00814
Exploits: 0 · References: 5
OSV
added 2022/06/24 9:15 p.m. · 2 views

CVE-2022-34066

The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

CVSS 9.8 · AI score 7.7 · EPSS 0.01953
Exploits: 1 · References: 3