EUVD-2023-44780

Malicious code in bioql PyPI...

CVE-2020-26034

An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as...

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

Invision Power Board Admin 帐号接管命令执行漏洞

Invision Power Board是一个非常流行的PHP论坛程序。 Invision Power Board没有正确验证注册页面User Email字段的输入内容，导致远程攻击者能够修改任意用户的登录密码。通过修改管理员帐户的密码，攻击者能够远程执行代码。成功利用该漏洞需要攻击者获得目标帐户的用户名和注册邮件地址。 0 Invision Power Board Invision Power Board 3.4.4 厂商补丁： Invision Power Board -------------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...