
20 matches found

ATTACKERKB
added 2026/05/28 3:44 a.m., 6 views

CVE-2026-9792

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed...

CVSS 6.5, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 3
RedhatCVE
added 2026/02/27 10:14 a.m., 2 views

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in versions 12.0.0 through 16.3.3 inclusive, despite being deprecated. It might allow a remote attacker to steal user...

CVSS 7.5, AI score 6, EPSS 0.00062
Exploits: 0, References: 1
Vulnrichment
added 2026/02/26 7:56 a.m., 3 views

CVE-2026-1693 Use of vulnerable Resource Owner Password Credentials flow

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in versions 12.0.0 through 16.3.3 inclusive, despite being deprecated. It might allow a remote attacker to steal user...

CVSS 5.3, AI score 5.5, EPSS 0.00062
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-1829

Malware in sbrugna...

CVSS 4, AI score 6.4, EPSS 0.0042
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-34575

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.7, EPSS 0.00169
Exploits: 0, References: 4
Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-2303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15....

CVSS 4.3, AI score 5, EPSS 0.00169
Exploits: 0, References: 2
Snyk
added 2025/05/26 12:30 p.m., 1 view

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the reuse of starting credentials that do not regenerate between separate CR dependencies (AMQPASSWORD, AMQUSER, AMQCLUSTERPASSWORD, and AMQCLUSTERUSER). An attacker can gain unauthorized access...

CVSS 5.5, AI score 7, EPSS 0.00088
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 1:8 a.m., 3 views

CVE-2022-2303

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Passwo...

CVSS 4.3, AI score 6.5, EPSS 0.00169
Exploits: 0, References: 1
HackRead
added 2025/05/22 4:7 p.m., 18 views

Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords

Cybersecurity researcher Jeremiah Fowler discovered a misconfigured cloud server containing a massive 184 million login credentials, likely collected...

AI score 7.3
Exploits: 0
Prion
added 2022/08/05 4:15 p.m., 20 views

Out-of-bounds

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Passwo...

CVSS 4, AI score 4.6, EPSS 0.00169
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2022/08/05 7:21 a.m., 11 views

Information Disclosure

raneto is vulnerable to information disclosure. The vulnerability exists in the credentials function in config.default.js due to password credentials stored in plaintext which allows an attacker to gain access to the system via brute-forcing the user password...

CVSS 9.8, AI score 8.8, EPSS 0.00551
Exploits: 3, References: 7, Affected Software: 1
Positive Technologies
added 2022/08/05 12:0 a.m., 2 views

PT-2022-15796 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.0.5; GitLab CE/EE versions 15.1 prior to 15.1.4; GitLab CE/EE versions 15.2 prior to 15.2.1. Description: An issue has been discovered that may allow group members to bypass 2FA enforcement enabled at the group...

CVSS 4.3, AI score 4.4, EPSS 0.00169
Exploits: 0, References: 11
Prion
added 2021/06/10 3:15 p.m., 14 views

Default credentials

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...

CVSS 4, AI score 4.4, EPSS 0.00117
Exploits: 0, References: 2, Affected Software: 1
myhack58
added 2019/05/15 12:0 a.m., 124 views

Using bypass techniques to form an SSRF and acquire the AWS password credentials of India's biggest stock broker company

Hello everyone. Today's share is the author's security testing of India's biggest stock broker company, in which different levels of bypass techniques were used and the company's AWS password credentials were eventually acquired in the process. It covers WAF bypassing, as well as further...

AI score 0.1
Exploits: 0
The Hacker News
added 2018/09/25 3:9 p.m., 79 views

SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users

U.S. online fashion retailer SHEIN has admitted that the company has suffered a significant data breach after unknown hackers stole personally identifiable information (PII) of almost 6.5 million customers. Based in North Brunswick and founded in 2008, SHEIN has become one of the largest online...

AI score 1.4
Exploits: 0
NVD
added 2006/04/19 4:6 p.m., 9 views

CVE-2006-1829

EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles...

CVSS 4, AI score 6.5, EPSS 0.0042
Exploits: 0, References: 6
Prion
added 2006/04/19 4:6 p.m., 10 views

Open redirect

EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles...

CVSS 4, AI score 6.8, EPSS 0.0042
Exploits: 0, References: 6, Affected Software: 1
CVE
added 2006/04/19 4:0 p.m., 39 views

CVE-2006-1829

CVE-2006-1829 affects Sybase EAServer Manager (versions 5.2 and 5.3). The issue allows remote authenticated users (potentially guests) to obtain password credentials of arbitrary users through unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom co...

CVSS 4, AI score 6.5, EPSS 0.0042
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2006/04/19 4:0 p.m., 10 views

CVE-2006-1829

EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles...

AI score 6.5, EPSS 0.0042
Exploits: 0, References: 6
Prion
added 2006/04/13 1:6 a.m., 12 views

Improper access control

Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained fr...

CVSS 7.8, AI score 7, EPSS 0.00372
Exploits: 0, References: 3, Affected Software: 1