11 matches found
CVE-2026-56212
Capgo has an authentication logic flaw where a user who can manage team/organization security settings can enable mandatory 2FA for all members without validating their own 2FA status. This may lead to inconsistent security enforcement, administrative misuse, and potential lockout risk for team me...
EUVD-2024-0685
Malicious code in bioql PyPI...
CVE-2024-41592
creationtimestamp | type | source
---|---|---
2024-10-03 21:38:19+00:00 | seen | https://t.me/cvedetector/6931
2024-12-16 13:40:18+00:00 | seen | https://t.me/truesecator/6544
2025-01-10 22:09:32+00:00 | seen | https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lfg7gqembb2q...
CVE-2023-27263 IDOR: Accessing playbook runs via the Playbooks Runs API
A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of...
Improper Authorization allows a user to add an arbitrary agent to a Team
Description: A vulnerability in the edit team function lets a user add another user to a Team via ID, or alternatively learn the email of every user in Chatwoot. Steps to reproduce: - Log in to the app - Navigate to the Team setting: https://app.chatwoot.com/app/accounts/id/settings/teams/list - Create new or ed...
[SECURITY] Fedora 35 Update: gopass-1.13.1-2.fc35
The slightly more awesome standard unix password manager for teams...
Joomla! paGO Commerce 2.5.9.0 SQL Injection
Exploit Title: Joomla! paGO Commerce 2.5.9.0 - SQL Injection Authenticated Date: 2020-08-21 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.corephp.com/ Software Link: https://www.corephp.com/joomla-products/pago-commerce Version: 2.5.9.0 Tested o...
A week in security (February 11 – 17)
Last week on Malwarebytes Labs we discussed the return of the Sextortion Bitcoin scams, we gave you an early overview of the exploit kits in the winter of 2019, we talked about the destruction of VFEmail service, for consumers we discussed whether you should remove yourself from social media, for...
Linux-HA Heartbeat 1.2.3/2.0.x Insecure Default Permissions on Shared Memory Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19186/info Since Linux-HA Heartbeat has insecure default permissions set on shared memory, local attackers may be able to cause a denial of service. Exploitation would most likely result in a system crash, loss of data, a...
Joomla Component com_jr_tfb LFI
A simple LFI vulnerability. Vulnerability Type: Local File Include. For the exploit source code contact DSquare Security sales team...
Linux-HA Heartbeat Insecure Default Permissions on Shared Memory Vulnerability
No description provided by source. / Intruders Tiger Team Security http://www.intruders.org.br/ Heartbeat 2.0.6 Insecure Shared Memory - Local Denial of Service. Credits: Yan Rong Ge, see link below: http://secunia.com/advisories/21162/ Tested on Heartbeat 2.0.5. Thanks for Wendel Guglielmetti,...