61134 matches found
EUVD-2026-29048
ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...
EUVD-2025-209760
The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...
EUVD-2025-209756
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
CVE-2025-10470
The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...
CVE-2026-40990

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 12:05:29+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mllabzqe2i2x... |

CVE-2026-35157

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 11:28:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mll67js4bf2p |
| 2026-05-25 14:02:52+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3mmonescdwk2f... |

CVE-2025-8325

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 10:42:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mll3n2jvlm2e... |

CVE-2025-10470
CVE-2025-10470 affects WSO2 Identity Server's Magic Link authentication flow. The vulnerability arises because the flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, causing uncontrolled memory usage growth. This can lead to a denial-of-servi...
CVE-2025-10470 Denial-of-Service via Magic Link Authentication in WSO2 Identity Server Allows Service Unavailability
The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...
CVE-2025-10908
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...
CVE-2025-10908
CVE-2025-10908 affects WSO2 Identity Server. The root cause is a lack of user account state validation during authentication, allowing locked accounts to be authenticated via Magic Link or Pass Key and bypass the account-lock mechanism. This can lead to unauthorized access to applications and dat...
CVE-2025-10908 Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...
CVE-2026-8270

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 07:26:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlkqopo57u2i... |

CVE-2026-8269

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 07:21:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlkqfraxn62p... |

CVE-2026-8275

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 07:16:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlkq4stzu62p... |

CVE-2026-8272

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 07:11:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlkptugi622e... |

CVE-2026-8268

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 06:44:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlkodcdazm2e... |