11200 matches found
PT-2026-22083
Name of the Vulnerable Software and Affected Versions Drupal Theme Negotiation by Rules versions prior to 1.2.1 Description A Cross-Site Request Forgery CSRF issue exists in the Theme Negotiation by Rules module. The module allows site builders to create “theme rule” config entities to render pag...
Password managers keep your passwords safe, unless…
I’m a big advocate of password managers. Granted, there are better alternatives for passwords like passkeys, but if a provider offers nothing but password options, which many do, you can’t do much about that. So, for the time being we seem to be stuck with passwords. Every reputable password...
CVE-2026-2974
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
CVE-2026-2974
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
CVE-2025-14547 ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs
An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service...
CVE-2025-14547
CVE-2025-14547 : An integer underflow in Silicon Labs’ PSA Crypto and SE Manager EC‑JPAKE APIs during ZKP parsing can trigger a hard fault, causing a temporary denial of service. Affected: Silicon Labs PSA Crypto and SE Manager EC‑JPAKE APIs. Root cause: integer underflow during ZKP parsing. Impa...
CVE-2026-25402
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through =...
PT-2026-21016
Name of the Vulnerable Software and Affected Versions Silicon Labs PSA Crypto and SE Manager versions affected versions not specified Description An integer underflow issue exists in the EC-JPAKE APIs during ZKP parsing within Silicon Labs’ PSA Crypto and SE Manager implementation. Exploitation o...
Silicon Labs Gecko SDK和Silicon Labs Simplicity SDK 安全漏洞
The Silicon Labs Gecko SDK GSDK and Silicon Labs Simplicity SDK are both open-source products from Silicon Labs. The Silicon Labs Gecko SDK is a library that combines the Silicon Labs wireless software development kit SDK with the Gecko platform into an integrated software package. The Silicon La...
Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)
Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v22.1 Release – February 2026 (KB5080681)
Update Rollup for Azure File Sync agent version 22.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
CVE-2026-25402
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through =...
CVE-2026-25402 WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through =...
CVE-2026-25402
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through =...
CVE-2026-25402
CVE-2026-25402 affects the WordPress plugin “Knowledge Base for Documentation, FAQs with AI Assistance” (echo-knowledge-base) up to version 16.011.0. Root cause is Missing Authorization / broken access control allowing exploitation due to incorrectly configured access levels. Impact is limited to...
CVE-2026-25402 WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through =...
WordPress plugin Knowledge Base for Documentation, FAQs with AI Assistance 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-20730
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through =...
CVE-2026-2555
A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization...
Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers
Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those...