CVE-2026-3020
Identity-based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other...
CVE-2026-3020 Identity based authorization bypass vulnerability (IDOR) in the Wakyma application web
Identity-based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other...
PT-2026-25669
Identity-based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other...
EUVD-2009-2332
Malware in sbrugna...
EUVD-2021-31642
Malicious code in bioql PyPI...
CVE-2025-54390
Zimbra Collaboration (ZCS) CVE-2025-54390 is a CSRF in ResetPasswordRequest when zimbraFeatureResetPasswordStatus is enabled. An attacker can trick an authenticated user into visiting a malicious page that silently sends a crafted SOAP request to reset the user’s password due to missing CSRF toke...
PT-2025-38161
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (affected versions not specified). Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraFeatureResetPasswordStatus attribute is...
Zimbra Collaboration Security Vulnerability
Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A security vulnerability exists in Zimbra Collaboration that stems from a lack of CSRF token validatio...
Ubuntu: Security Advisory (USN-7688-1)
The remote host is missing an update for the...
Cross-Site Request Forgery (CSRF)
org.apache.jspwiki:jspwiki-builder and org.apache.jspwiki:jspwiki-war are vulnerable to cross-site request forgery (CSRF). A remote attacker is able to trigger a CSRF attack on the Image plugin by sending a specifically crafted request, which allows a group privilege escalation of the attacker's...
Facebook Caught Asking Some Users Passwords for Their Email Accounts
Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk. Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account...
Photo Vault 1.2 Brute Forcing Issue
Document Title: Photo Vault v1.2 iOS - Insecure Authentication Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2110. Release Date: 2018-01-16. Vulnerability Laboratory ID (VL-ID):...
CVE-2017-8821
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the...
A new kind of Apple phishing scam
In a recent blog post, Felix Krause revealed a method for phishing Apple ID passwords on iOS that would be quite indistinguishable from a real iOS password request. This got us thinking about the ramifications—how else could this tactic be used in the Apple ecosystem, and what kind of damage coul...
bitbucket attempted security breach
Bitbucket https://bitbucket.org/socialauth/migrate/?next=/ is asking for my atlassian password. Asking for a password for another website is at best bad practice...
CVE-2009-2336
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue,...