
12 matches found

ATTACKERKB
added 2026/03/31 3:8 p.m., 0 views

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3 CVSS, 5.7 AI score, 0.00035 EPSS
Exploits 0, References 6, Affected Software 1
EUVD
added 2026/02/26 9:44 p.m., 2 views

EUVD-2026-8893

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

7.1 CVSS, 5.4 AI score, 0.00018 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/02/26 9:44 p.m., 1 views

CVE-2026-25741

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

7.1 CVSS, 5.7 AI score, 0.00018 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/02/26 12:0 a.m., 3 views

PT-2026-22199

Name of the Vulnerable Software and Affected Versions: Zulip versions prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7 Description: Zulip is a team collaboration tool. A flaw existed in the API endpoint used for creating a card update session during an upgrade process, allowing users with...

7.1 CVSS, 5.9 AI score, 0.00018 EPSS
Exploits 0, References 7
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-12930

Malicious code in bioql PyPI...

4.3 CVSS, 5.1 AI score, 0.00128 EPSS
Exploits 1, References 3
Cvelist
added 2024/07/09 8:33 a.m., 17 views

CVE-2024-5993 Cliengo - Chatbot <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesession' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

5.4 CVSS, 0.00089 EPSS
Exploits 0, References 2
CNNVD
added 2024/07/09 12:0 a.m., 1 views

WordPress plugin Cliengo - Chatbot security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... A security vulnerability...

5.4 CVSS, 6.5 AI score, 0.00089 EPSS
Exploits 0, References 3
Positive Technologies
added 2024/07/09 12:0 a.m., 1 views

PT-2024-37298 · WordPress · Cliengo – Chatbot

Name of the Vulnerable Software and Affected Versions: The Cliengo – Chatbot plugin for WordPress versions up to, and including, 3.0.1 Description: The issue is related to a missing capability check on the update session function, allowing authenticated attackers with Subscriber-level access and...

5.4 CVSS, 6.7 AI score, 0.00089 EPSS
Exploits 0, References 6
Kitploit
added 2020/07/01 12:30 p.m., 27 views

UsoDllLoader - Windows - Weaponizing Privileged File Writes With The Update Session Orchestrator Service

2020-06-06 Update: this trick no longer works on the latest builds of Windows 10 Insider Preview. This means that, although it still works on the mainstream version of Windows 10, you should expect it to be patched in the coming months. Description This PoC shows a technique that can be used to...

8 AI score
Exploits 0, References 3
0day.today
added 2020/06/12 12:0 a.m., 555 views

Background Intelligent Transfer Service Privilege Escalation Exploit

This Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service (BITS), to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code executio...

9 CVSS, 0.5 AI score, 0.94389 EPSS
Exploits33
OSV
added 2015/06/10 7:30 a.m., 4 views

SUSE-SU-2015:1300-1 Security update for novnc

novnc was updated to fix a session hijacking problem through insecurely set session token cookies bnc922233, CVE-2013-7436. Security Issues: CVE-2013-7436...

4.3 CVSS, 6.2 AI score, 0.00614 EPSS
Exploits 0, References 3
seebug.org
added 2014/07/01 12:0 a.m., 14 views

IRSR <= 0.2 (_sysSessionPath) Remote File Include Vulnerability

No description provided by source. / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - IRSR - Invisionix Roaming System Remote = 0.2 sysSessionPath Remote File Include Vulnerabilities + + + - Script name: IRSR - Invisionix Roaming System Remote v. 0.2 - Script site: http://www.invisionix.org ...

7.1 AI score
Exploits 0