CVE-2026-2631 Datalogics Ecommerce Delivery < 2.6.60 - Unauthenticated Privilege Escalation
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option datalogicstoken without verification. This token is subsequently used for authentication in a protected endpoint that allows users to perform...
CVE-2025-40571
A vulnerability has been identified in Mendix OIDC SSO Mendix 10.12 compatible All versions V4.0.1, Mendix OIDC SSO Mendix 9 compatible All versions V3.3.1, Mendix OIDC SSO V4.2 Mendix 10 compatible All versions V4.2.1, Mendix OIDC SSO V4.3 Mendix 10 compatible All versions. The Mendix OIDC SSO...
EUVD-2020-23798
Malware in sbrugna...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to plaintext token modification due to the krb5 package (CVE-2024-37370)
Summary krb5 is used by DataStage on Cloud Pak for Data as part of network authentication. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the...
Attacking Interpretable NLP Systems
Studies have shown that machine learning systems are vulnerable to adversarial examples in theory and practice. Where previous attacks have focused mainly on visual models that exploit the difference between human and machine perception, text-based models have also fallen victim to these attacks...
GHSA-2XCC-VM3F-M8RW @lobehub/chat Server Side Request Forgery vulnerability
Summary lobe-chat before 1.19.13 has an unauthorized SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/ click settings - llm - openai fill the...
EulerOS Virtualization 2.12.0 : krb5 (EulerOS-SA-2024-2770)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...
krb5: GSS message token handling
A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application. This occurs when the attacker alters the token data during transmission, which can lead to improper...
Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets
Lines of code Vulnerability details Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token after its deployment. This ability is due to the inheritance of the setData function from ERC725YCore.sol implemented in...
IdentityModel security vulnerability
Scott Brady IdentityModel is a Scott Brady open source application. A library of helper programs for tokens and encryption. A security vulnerability exists in IdentityModel before 1.3.0, which can be exploited by an attacker to modify and forge authentication tokens...
CVE-2020-1025
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, ...