CVE-2025-25298 Missing Maximum Password Length Validation in Strapi Password Hashing

Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hashing. Bcryptjs ignores any bytes beyond 72, so passwords longer than 72 bytes are silently truncated. A user can create an account...

PT-2025-41720

Name of the Vulnerable Software and Affected Versions IBM Engineering Requirements Management Doors Next versions 7.0.2 through 7.1 Description An authenticated user on the network may be able to delete comments from other users. This is due to client-side enforcement of server-side security...

lemlist: Unauthorized Password Reset Allows Account Takeover Across Tenant Boundaries

An authorization issue was discovered in the application that allowed a tenant admin to change the password of another user within the same tenant, including invited agency accounts. The victim had to first accept the invitation before the attacker could proceed. The issue could allow unintended...

EUVD-2021-0331

Malware in sbrugna...

EUVD-2013-4963

Malware in sbrugna...

EUVD-2017-7821

Malware in sbrugna...

EUVD-2016-0831

Malware in sbrugna...

EUVD-2020-4580

Malware in sbrugna...

EUVD-2018-3130

Malware in sbrugna...

EUVD-2015-5033

Malware in sbrugna...

EUVD-2018-8299

Malware in sbrugna...

EUVD-2005-4409

Malware in sbrugna...

EUVD-2019-15176

Malware in sbrugna...

EUVD-2020-2971

Malware in sbrugna...

EUVD-2021-22161

Malware in sbrugna...

EUVD-2021-19481

Malware in sbrugna...

EUVD-2007-6154

Malware in sbrugna...

EUVD-2012-4030

Malware in sbrugna...

EUVD-2014-9692

Malware in sbrugna...

EUVD-2014-9587

Malware in sbrugna...