CVE-2026-42602
The CVE affects opentelemetry-collector-contrib’s azureauthextension in versions 0.124.0–0.150.0. The root cause is that Authenticate performs a token equality check against a token minted by the collector’s own credential, using the client-supplied Host header to set the scope, and does not vali...
PT-2025-39320
Name of the Vulnerable Software and Affected Versions: Horilla versions prior to 1.4.0. Description: Horilla, a Human Resource Management System (HRMS), has an issue where the file upload process lacks server-side validation. Client-side validation can be bypassed, allowing an attacker to upload an...
CVE-2025-9467 Possibility to bypass file upload validation on the server-side
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include: Product version Vaadin 7.0.0 -...
CVE-2024-32512
Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality. This issue affects weForms: from n/a through 1.6.20...
PT-2025-16148 · Crates.Io · Surrealdb
SurrealDB offers http functions that can access external network endpoints. A typical, albeit not recommended configuration would be to start SurrealDB with all network connections allowed with the exception of a deny list. For example, surreal start --allow-net --deny-net 10.0.0.0/8 will allow a...
WombatDialer Security Vulnerability
WombatDialer is a powerful predictive dialer for Asterisk PBX from WombatDialer. A security vulnerability exists in WombatDialer versions prior to 25.02 that stems from a server-side access control bypass that could result in unauthorized calls to services...
PT-2025-6738 · Unknown · Wombatdialer
Name of the Vulnerable Software and Affected Versions: WombatDialer versions prior to 25.02 Description: A Server-Side Access Control Bypass issue could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the...
SUSE CVE-2005-4077
Multiple off-by-one errors in the cURL library libcurl 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to...
File Upload Vulnerability in QYKCMS Version 4.3.2
QYKCMS is a lightweight intelligent website-building system based on PHP+MySQL, developed by QYK. QYKCMS version 4.3.2 has a file upload vulnerability that stems from the server side not filtering file content; an attacker can bypass the client-side detection and directly...