23 matches found
Why browsing with Opera’s VPN is safer
Security Why browsing with Opera’s VPN is safer Share May 29th, 2026 A virtual private network VPN is a great way to protect yourself online, especially on public hotspots. Opera is the first major browser to have a built-in, no-log, unlimited browser VPN that is completely free. So how can you...
Scam-checking just got a lot easier: Malwarebytes is now in Claude
For years, Malwarebytes has protected people by going where they are, and where people are today is increasingly within AI tools. As these chatbots tackle more everyday questions—like what to wear for an interview, how to replace a pendant light in the home, and where to eat during upcoming...
EUVD-2026-23599
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...
CVE-2026-33933
OpenEMR CVE-2026-33933 affects versions 7.0.2.1 through 8.0.0.2 (up to but not including 8.0.0.3). A reflected XSS in the custom template editor arises from an unescaped contextName parameter, allowing an attacker to execute arbitrary JavaScript in an authenticated staff member’s browser session ...
CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor
OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...
CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor
OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...
EUVD-2026-16040
OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...
CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor
OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...
PT-2026-7819
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret...
CVE-2026-24436
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...
CVE-2026-24436 Tenda W30E V2 Lacks Rate Limiting on Authentication
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...
📄 Soosyze CMS 2.0 Brute Forcer
Soosyze CMS version 2.0 authentication brute forcing tool that leverages an absence of rate limiting on the /user/login endpoint. ============================================================================================================================================= | Title : Soosyze CMS 2.0...
GL.iNet AX1800 安全漏洞
The GL.iNet AX1800 is a wireless router from China's Guanglian Intelligent Communication GL.iNet. A security vulnerability exists in the GL.iNet AX1800 version 4.6.4 and 4.6.8, which stems from a lack of rate limiting or account locking mechanism in the authenticated endpoints, which could lead t...
Why browsing with Opera’s VPN is safer
Security Why browsing with Opera’s VPN is safer Share July 10th, 2025 A virtual private network VPN is a great way to protect yourself online, especially on public hotspots. Opera is the first major browser to have a built-in, no-log, unlimited browser VPN that is completely free. So how can you...
CVE-2024-6695
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...
CVE-2024-42173
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known...
CVE-2024-6695
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...
VulnCheck KEV: CVE-2024-6695
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...
WP EasyPay < 4.1 - Reflected Cross-Site Scripting
The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin When there is no account connected, make a logged in admin open...
CVE-2021-38486
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to...