39 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-11259
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted...
DEBIAN-CVE-2026-11135
Insufficient policy enforcement in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`
Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-002948)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002948 advisory. An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jumped over the stack...
CVE-2025-63022
Missing Authorization vulnerability in topdevs.net Simple Like Page simple-facebook-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through = 1.5.3...
EUVD-2024-32416
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-5069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed...
CVE-2025-55734
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...
CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
The vulnerability of TOTOLINK A3300R router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to bypass security restrictions and change Wi-Fi passwords.
The vulnerability of TOTOLINK A3300R router microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and change the Wi-Fi password by resetting it on the /wizard.html or...
PT-2024-20521 · WordPress · Wps Hide Login
Name of the Vulnerable Software and Affected Versions: WPS Hide Login plugin for WordPress versions up to, and including, 1.9.15.2 Description: The issue is related to a bypass that allows attackers to discover hidden login pages when the action parameter is set to postpass. This makes it possibl...
PT-2024-15945 · WordPress · Simple Page Access Restriction
Name of the Vulnerable Software and Affected Versions: Simple Page Access Restriction plugin for WordPress versions up to, and including, 1.0.21 Description: The issue allows unauthenticated attackers to bypass page restrictions and view page content via the REST API. This is possible due to...
CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
DEBIAN-CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
openNDS Security Vulnerabilities
openNDS is a high-performance, small footprint portal system from openNDS open source. A security vulnerability exists in versions prior to openNDS 10.1.2 that originates from allowing a user to skip the startup page sequence when the default FAS key is used and OpenNDS is configured for FAS...
UBUNTU-CVE-2023-1224
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2021-30558
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chrome security severity: Medium...
Design/Logic Flaw
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2022-38168
Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification...
CVE-2021-21172
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page...