CVE-2026-9098
In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...
PaperCut NG < 24.1.9 / 25.x < 25.0.10 Race Condition (CVE-2026-6180)
The version of PaperCut NG installed on the remote Windows host is prior to 24.1.9 or 25.x prior to 25.0.10. It is, therefore, affected by a vulnerability: - A race condition exists in PaperCut NG/MF when processing badge-swipe data from certain HP multifunction devices. Under specific network...
PT-2026-36982
Name of the Vulnerable Software and Affected Versions: PaperCut MF, affected versions not specified. Description: A race condition occurs when processing badge-swipe data from specific HP multifunction devices. Under certain network conditions involving dropped packets and out-of-order sequence...
PaperCut MF Input Validation Error Vulnerability
PaperCut MF is a multi-functional printer control software developed by the Australian company PaperCut. There is an input validation vulnerability in PaperCut MF, which stems from race conditions when processing card data from certain HP multifunctional devices. Under specific network conditions...
Improper Authorization
Overview: openclaw is OpenClaw, a personal AI assistant. Affected versions of this package are vulnerable to Improper Authorization via the send process. An attacker can interact with unauthorized child sessions by exploiting insufficient enforcement of controlScope restrictions. Remediation...
Parse Server Authorization Issue Vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.29 and 8.6.49 have an authorization issue vulnerability. This vulnerability stems from an empty authData object, which can...
CVE-2018-18819
A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 7.3.0.601 and earlier, and 8.0 8.0.0.40 through 8.0 SP2 FP2 8.0.2.202, and MiVoice Business Express versions 7.3 PR3 7.3.1.302 and earlier, and 8.0 8.0.0.40 through 8.0 SP2 FP1 8.0.2.202, could allow creation of...
WordPress plugin eRoom Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it can host personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security...
EUVD-2020-4830
Malware in sbrugna...
CVE-2022-22237
An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to...
PT-2022-23542 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus version 3.6.2 Description: A hard-coded JWT key was found in the project config file of Novel-Plus, allowing attackers to create a custom user session. Recommendations: For Novel-Plus version 3.6.2, consider removing the hard-coded...
Authentication flaw
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being...
CVE-2013-3737
The MobileUI aka RT-Extension-MobileUI extension before 1.04 in Request Tracker RT 4.0.0 before 4.0.13, when using the file-based session store Apache::Session::File and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and cache...
Design/Logic Flaw
The MobileUI aka RT-Extension-MobileUI extension before 1.04 in Request Tracker RT 4.0.0 before 4.0.13, when using the file-based session store Apache::Session::File and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and cache...
CVE-2013-3737
The CVE-2013-3737 issue affects the MobileUI (RT-Extension-MobileUI) for Request Tracker (RT) installations. It concerns MobileUI >=?