21 matches found

EUVD
added 2026/04/27 5:30 p.m. | 1 view

EUVD-2026-25895

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

CVSS 5.3 | AI score 5.2 | EPSS 0.00035
Exploits 0 | References 5
CNNVD
added 2026/04/03 12:0 a.m. | 2 views

Discourse Information Disclosure Vulnerability

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.3, 2026.2.2, and 2026.3.0 contained a vulnerability related to information leakage. Thi...

CVSS 6.9 | AI score 5.8 | EPSS 0.00054
Exploits 0 | References 1
RedhatCVE
added 2025/11/28 4:57 a.m. | 5 views

CVE-2025-13539

The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findallmembershipcheckfacebookuser' and the...

CVSS 9.8 | AI score 5.9 | EPSS 0.00461
Exploits 0 | References 1
Tenable Nessus
added 2025/10/07 12:0 a.m. | 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: socat (UTSA-2025-986111)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986111 advisory. readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file. Tenable has extracted the preceding description block directly from the Unity Linux securit...

CVSS 9.8 | AI score 6.8 | EPSS 0.00169
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-4914

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00499
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-18385

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 6.3 | EPSS 0.00075
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-16186

Malicious code in bioql PyPI...

CVSS 5.6 | AI score 6.6 | EPSS 0.00062
Exploits 0 | References 1
SUSE CVE
added 2025/08/04 11:25 p.m. | 1 view

SUSE CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

CVSS 8.5 | AI score 6.6 | EPSS 0.00075
Exploits 0 | References 2
OSV
added 2025/06/16 12:15 p.m. | 2 views

CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

CVSS 8.5 | AI score 6.9
Exploits 0 | References 1
CNNVD
added 2025/06/16 12:0 a.m. | 1 view

Authd Security Vulnerability

Authd is a cloud-based authentication daemon for identity providers in the Ubuntu open source. A security vulnerability exists in Authd versions prior to 0.5.4, which stems from a temporary user logging issue that could result in a user being incorrectly recognized as the root group...

CVSS 8.5 | AI score 6.5 | EPSS 0.00075
Exploits 0 | References 3
CVE
added 2025/05/22 5:4 p.m. | 44 views

CVE-2025-48061

CVE-2025-48061 affects the wire-webapp (Wire) web client. A regression in the session invalidation process allowed a user who logged out to be automatically re-authenticated when re-opening the app. This issue is present in versions up to but not including 2025-05-20-production.0; the underlying ...

CVSS 5.6 | AI score 5.6 | EPSS 0.00062
Exploits 0 | References 1
0day.today
added 2023/11/10 12:0 a.m. | 554 views

F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...

CVSS 9.8 | AI score 7.4 | EPSS 0.94436
Exploits 17
ATTACKERKB
added 2023/05/31 3:15 a.m. | 1 view

CVE-2023-2547

The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions...

CVSS 5.4 | AI score 6.8 | EPSS 0.00198
Exploits 1 | References 3 | Affected Software 1
CNNVD
added 2022/06/14 12:0 a.m. | 2 views

SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability

SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP Germany. The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces. The vulnerability can be exploited to crash the...

CVSS 5.5 | AI score 5.6 | EPSS 0.00248
Exploits 0 | References 3
Github Security Blog
added 2022/05/13 1:30 a.m. | 21 views

Apache Wicket Sensitive Data Exposure

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions...

CVSS 7.5 | AI score 7 | EPSS 0.00499
Exploits 0 | References 3 | Affected Software 1
NVD
added 2021/05/13 3:15 p.m. | 9 views

CVE-2021-20025

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the...

CVSS 7.8 | EPSS 0.00024
Exploits 0 | References 1
Citrix
added 2020/01/28 12:0 a.m. | 5 views

Temporary User Profiles Received Instead of Citrix Profile Management Profiles

Citrix Profile Management has been installed and configured in the environment. A Citrix Profile Management Store has been setup for the users where their profiles should be stored. When a user logs in they are receiving a temporary windows user profile instead of a Citrix Profile Management...

AI score 6.8
Exploits 0
NVD
added 2017/10/30 2:29 p.m. | 14 views

CVE-2014-3526

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions...

CVSS 7.5 | AI score 7.3 | EPSS 0.00499
Exploits 0 | References 1
Prion
added 2017/10/30 2:29 p.m. | 13 views

Information disclosure

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions...

CVSS 5 | AI score 6.7 | EPSS 0.00499
Exploits 0 | References 1 | Affected Software 1
Citrix
added 2017/01/24 12:0 a.m. | 6 views

UPM 5.2: Getting temporary profiles

Getting temporary profiles...

AI score 7.1
Exploits 0