CVE-2026-31944
LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redire...
EUVD-2025-208318
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...
VulnCheck KEV: CVE-2025-10204
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...
EUVD-2020-6257
Malware in sbrugna...
EUVD-2015-6682
Malware in sbrugna...
EUVD-2025-29122
Malicious code in bioql PyPI...
CVE-2025-10204
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...
CVE-2020-14098
The login verification can be bypassed by exploiting the fact that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800 rom version 1.0.336 and Xiaomi router RM1800 root version 1.0.26...
CVE-2024-46293
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether t...
Improper Restriction Of Security Token Assignment
github.com/KubeOperator/kubepi is vulnerable to Improper Restriction of Security Token Assignment. The vulnerability is due to an empty JWT key in the default configuration file, which allows for a bypass of the login verification and direct backend access...
JetBrains TeamCity Cross-Site Request Forgery Vulnerability
JetBrains TeamCity is a Continuous Integration CI/CD tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from a cross-site request forgery vulnerability that stems from not adequately verifying that a request is from a trusted...
Design/Logic Flaw
The login verification can be bypassed by exploiting the fact that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800 rom version 1.0.336 and Xiaomi router RM1800 root version 1.0.26...
Arbitrary Password Reset Vulnerability in YCCMS V3.3
YCCMS is a lightweight CMS site-building system developed on a PHP5 + MySQL technical basis. YCCMS V3.3 has an arbitrary password reset vulnerability. The vulnerability is due to the backend administrator password change failing to verify the original...
Nanjing Wedding Information Technology Co., Ltd. wedding music APP has information leakage vulnerability
Wedding Fun APP is a one-stop wedding butler service platform that focuses on saving money on weddings. There is an information leakage vulnerability in Nanjing Wedding Information Technology Company Limited's Marriage Music APP. The vulnerability is due to the server returning the verification code...
Snapchat Offers Users Optional Two-Factor Authentication
Snapchat’s popularity with teens doesn’t run in parallel with the opinion of security and privacy professionals wary of its practices in guarding users’ data. With the release of the latest version of the photo and video sharing app, Snapchat added an optional two-factor authentication feature th...
'TweetDeck Teams' Allows Managing Multiple Twitter Accounts Without Sharing Passwords
Organizations, companies and groups of people often run into the problem that their social media teams have to work within a single Twitter account or maintain multiple Twitter accounts. In this case, they either need to use some third-party API-based services or they use TweetDeck...
Twitter Enables Two-Factor Authentication
Responding to a wave of high-profile account takeovers in recent months, Twitter has implemented a phone-based two-factor authentication scheme that will require a numerical code along with a username and password when users log in to their accounts. The feature, known as login verification, is...
Thousand Bo enterprise website management system HitCount.asp page injection vulnerability - vulnerability warning - the black bar safety net
The program includes anti-injection code in the NoSql.asp file: `<% If EnableStopInjection = True Then Dim FyPost, FyGet, FyIn, FyInf, FyXh, Fydb, Fydbstr : FyIn = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" : FyInf = Split(FyIn, "|") : If Request...`
Weeds weedcms 5.0 write horse vulnerability-vulnerability warning-the black bar safety net
The problem file is includes/adminconfig.php. This app's login verification is performed per method rather than once for the entire file. In other words, see the code: `if ($do == 'templateedit') { $file = empty($_GET['file']) ? '' : trim($_GET['file']); if (getext($file) != 'html' && getext($file) != 'css') ...`
Thousand Bo enterprise website management system 0day - vulnerability warning - the black bar safety net
The program includes anti-injection code in the NoSql.asp file: `<% If EnableStopInjection = True Then Dim FyPost, FyGet, FyIn, FyInf, FyXh, Fydb, Fydbstr : FyIn = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" : FyInf = Split(FyIn, "|") : If Request...`