web-application-security-testing-tool
web-application-security-testing-tool A Python-based Web Appli...
EFW Framework Security Vulnerability
EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the “readonly” flag only...
CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)
Budibase is a low-code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
CVE-2025-65780
CVE-2025-65780 affects Wekan up to version 18.15 (fixed in 18.16). The issue allows an authenticated user to modify their entire user document (including orgs/teams and loginDisabled) due to missing server-side authorization checks, enabling privilege escalation and unauthorized access to other t...
EUVD-2025-35159
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...
CVE-2025-10640 Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...
EUVD-2025-35082
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users...
TestSSL 3.0.10
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in pure bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets...
U.S. Dept Of Defense: 2FA Bypass via Response Manipulation on Login Page
A vulnerability was discovered in the Two-Factor Authentication (2FA) mechanism of the website. The vulnerability allowed bypassing the 2FA verification process by intercepting and manipulating the server's response. As a result, an attacker could gain unauthorized access to an account after...
GHSA-45CJ-F97F-GGWV Synapse does not apply enough checks to servers requesting auth events of events in a room
Impact Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorisation events of events in a room. This is necessary so that a homeserver receiving some events can validate that those...
CVE-2021-43355
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...
PT-2022-13046 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: livehelperchat, affected versions not specified. Description: The issue is related to Cross-Site Request Forgery (CSRF). Specifically, a CSRF issue is found in the audit configuration under settings, where no CSRF token validation is performed on...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Samba update (USN-4559-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4559-1 advisory. Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker...
How to troubleshoot “Cannot Start App” or “Cannot start Desktop” when launching an App or Desktop
Note: This is a master overview article. The solutions for each of the root causes are present in child articles shown in the following tables. The following error is displayed when launching an app: “Cannot start App”, or a desktop: “Cannot start Desktop”. Where to Start Troubleshooting: Do you get the...
Moab Workload Manager 7.2.9 / 8 User Impersonation Vulnerability
Moab versions prior to 7.2.9 and 8 suffer from a user impersonation vulnerability. Moab User Impersonation : CVE-2014-5375 Software: Moab Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8. CVE Reference: CVE-2014-5375 Author: John Fitzpatrick...
Apple Mac OS X 2008-002 Update Fixes Multiple Security Vulnerabilities
BUGTRAQ ID: 28304 CVE(CAN) ID:...