1117 matches found
CVE-2025-13477
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...
CVE-2025-13477 OTP Bypass in Digital Operation Services' WifiBurada
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...
EUVD-2025-209910
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...
CVE-2025-13477 OTP Bypass in Digital Operation Services' WifiBurada
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...
CVE-2025-13477
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...
Digital Operation Services WiFiBurada 安全漏洞
Digital Operation Services WiFiBurada is an application developed by Digital Operation Services. Versions of Digital Operation Services WiFiBurada dated before May 20, 2026, have security vulnerabilities. These vulnerabilities stem from the exposure of private personal information to unauthorized...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe function is only used for the DP83822 PHY; the private data pointer remains uninitialized for the smaller DP83825/26 models. While all uses of the...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Net: FDDI – Fixed a UAF Use-after-Free issue in fzaprobe. “FP” is netdev private data, and it cannot be used after the freenetdev call. Using “FP” after freenetdev can cause a UAF bug. This issue was fixed by moving the freenetde...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintelpcie: Memory allocation for driver-private data was not performed. The issue was that the driver did not allocate memory for the struct btinteldata structure, which is used to store internal data...
CVE-2026-42031
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...
GHSA-4G37-7P2C-38R9 Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
IDOR: Retrieval API Bypasses Knowledge Base Access Controls Author: Andrew Orr Summary validatecollectionaccess PR 22109 checks the user-memory- and file- collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who...
CVE-2026-42032
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...
CVE-2026-42031
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...
CVE-2026-42032 CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...
CVE-2026-42032
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...
CVE-2026-42032 CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...
CVE-2026-42032 CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...
CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...
CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...
WordPress plugin Broadstreet 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...