10 matches found
EUVD-2026-9173
In SimStudio versions below 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their...
openssl security update
3.5.1-7.0.1 - Replace upstream references Orabug: 34340177 - Update FIPS provider name Orabug: 35824276 1:3.5.1-7 - Fix CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-227...
PT-2024-16821 · WordPress · Embedpress
Name of the Vulnerable Software and Affected Versions: EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress versions up to, and including, 4.1.3 Description: The issue is related to...
WordPress EmbedPress plugin <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' vulnerability discovered by Max Boll b0lli in WordPress Plugin EmbedPress versions <= 4.1.3...
GO-2024-2608 Minder access control bypass in github.com/stacklok/minder
A Minder user can use the endpoints to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. The DB query used checks by repo owner, repo name and provider name which is always "github". These query values are not distinct for the particular...
DomainMOD 4.11.01 ssl-provider-name Cross Site Scripting
Exploit Title : DomainMOD 4.11.01 and before - 'ssl-provider-name' Cross-Site Scripting Author Discovered By : Mohammed Abdul Raheem Company Name : TrekShield IT Solutions Date : 14-02-2019 Vendor Homepage : https://domainmod.org/ Software Information Link : https://github.com/DomainMod/DomainMod...
DomainMOD cross-site scripting vulnerability (CNVD-2019-07963)
DomainMOD is an open source application for managing your domain names and other Internet assets in a central location. DomainMOD 4.11.01 suffers from a cross-site scripting vulnerability that can be exploited by an attacker via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider UR...
Default credentials
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field...
Veeam Cloud Connect - Compiling Provider/Tenant Logs for Support Cases
Veeam Service Provider Console 8 New Feature: Starting in Veeam Service Provider Console 8, it is now possible for Service Providers to create a support case from within the Veeam Service Provider Console. This new feature also includes automatic log collection during case creation. Purpos...
Ipsilon Denial of Service Vulnerability
Ipsilon is a server and toolkit for configuring Apache-based service providers. A denial of service vulnerability exists in Ipsilon version 0.1.0 prior to 1.0.1. It allows an authenticated remote user to cause a denial of service via a duplicate SP name...