361 matches found
Parse Server's MFA recovery codes not consumed after use
Impact When multi-factor authentication MFA via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as a fallback when the user cannot provide a TOTP token. However, recovery codes are not consumed after use, allowing the same recover...
PT-2026-7461
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server affected versions not specified Description IBM WebSphere Application Server may provide weaker than expected security. There is no information about the number of potentially affected devices worldwide or any...
CVE-2026-24996
Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPElemento Importer: from n/a through = 0.6.4...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to use easy-to-guess passwords, leading to unauthorized access...
CVE-2025-15411
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the loc...
EUVD-2025-205728
Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through = 2.17.12...
PT-2025-52502
Name of the Vulnerable Software and Affected Versions code-projects Simple Stock System version 1.0 Description A flaw exists in code-projects Simple Stock System 1.0 related to the processing of the /market/signup.php file. Manipulation of the Username argument can result in SQL injection. This...
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially...
PT-2025-48133
Name of the Vulnerable Software and Affected Versions Apache Druid versions prior to 35.0.0 Description The Apache Druid Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. The secret is generated...
UBUNTU-CVE-2025-11935
With TLS 1.3 pre-shared key PSK a malicious or faulty server could ignore the request for PFS perfect forward secrecy and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing pskdheke without a keyshare...
CVE-2025-55058
CWE-20 Improper Input Validation...
CVE-2025-27368
IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond...
CVE-2025-12907
CVE-2025-12907 affects Google Chrome DevTools (in Chrome prior to 140.0.7339.80). The issue is insufficient validation of untrusted input in DevTools, enabling a remote attacker to achieve arbitrary code execution via user actions in DevTools. Connected sources confirm the vulnerability exists in...
Security Bulletin: multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty
Summary multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections...
CVE-2025-62710
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
Hash Chaining Degrades Security at Facebook
Modern web and digital application password storage relies on password hashing for storage and security. Ad-hoc upgrade of password storage to keep up with hash algorithm norms may be used to save costs but can introduce unforeseen vulnerabilities. This is the case in the password storage scheme...
PT-2025-41745
Name of the Vulnerable Software and Affected Versions ProjectsAndPrograms School Management System affected versions not specified Description A security weakness exists in ProjectsAndPrograms School Management System up to commit 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The issue is related to...
EUVD-2017-10517
Malware in sbrugna...
EUVD-2017-1176
Malware in sbrugna...
EUVD-2017-10246
Malware in sbrugna...