84 matches found

NVD
added 2026/05/01 2:16 p.m. (1 view)

CVE-2026-31717

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect. Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

CVSS 8.8, EPSS 0.00059
Exploits 1, References 5

OSV
added 2026/02/23 6:23 p.m. (3 views)

GO-2026-4525 Mattermost Plugin Zoom fail to validate user identity and post ownership in the /api/v1/askPMI endpoint in github.com/mattermost/mattermost-plugin-zoom

Mattermost Plugin Zoom fail to validate user identity and post ownership in the /api/v1/askPMI endpoint in github.com/mattermost/mattermost-plugin-zoom...

CVSS 4.3, AI score 5.4, EPSS 0.00042
Exploits 0, References 4

Github Security Blog
added 2026/02/16 12:30 p.m. (4 views)

Mattermost Plugin Zoom fail to validate user identity and post ownership in the /api/v1/askPMI endpoint

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...

CVSS 4.3, AI score 5.7, EPSS 0.00042
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2025/12/09 12:0 a.m. (3 views)

PT-2025-49765

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

CVSS 6.6, AI score 7.1, EPSS 0.00052
Exploits 0, References 2

Positive Technologies
added 2025/11/17 12:0 a.m. (2 views)

PT-2025-47214

Name of the Vulnerable Software and Affected Versions: Dell ControlVault3 versions prior to 5.15.14.19; Dell ControlVault3 Plus versions prior to 6.2.36.47. Description: The software contains out-of-bounds read and write issues within the ControlVault WBDI Driver Broadcom Storage Adapter functionalit...

CVSS 7.3, AI score 6.5, EPSS 0.00016
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m. (1 view)

EUVD-2017-7868

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.00507
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m. (1 view)

EUVD-2004-2686

Malware in sbrugna...

CVSS 5.5, AI score 6.4, EPSS 0.00697
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2018-14223

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.02241
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2019-1157

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00334
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2021-23950

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00211
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m. (6 views)

EUVD-2023-39867

Malicious code in bioql PyPI...

CVSS 7.4, AI score 7.4, EPSS 0.00136
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m. (4 views)

EUVD-2025-18159

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.1, EPSS 0.01052
Exploits 0, References 3

Packet Storm News
added 2025/08/20 12:0 a.m. (1 view)

Bridging the Mobile Trust Gap: a Zero Trust Framework for Consumer-Facing Applications

Zero Trust Architecture (ZTA) has become a widely adopted model for securing enterprise environments, promoting continuous verification and minimal trust across systems. However, its application in mobile contexts remains limited, despite mobile applications now accounting for most global digital...

AI score 6.9
Exploits 0

RedhatCVE
added 2025/07/25 2:29 a.m. (10 views)

CVE-2025-7722

The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the updateusermeta function. This makes it possible for...

CVSS 8.8, AI score 6.9, EPSS 0.00255
Exploits 0, References 1

RedhatCVE
added 2025/05/23 4:39 a.m. (7 views)

CVE-2023-26460

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...

CVSS 5.3, AI score 7.2, EPSS 0.00213
Exploits 0, References 1

RedhatCVE
added 2025/05/22 5:44 p.m. (5 views)

CVE-2020-14122

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage...

CVSS 5.5, AI score 6.6, EPSS 0.00028
Exploits 0

Packet Storm News
added 2025/05/08 12:0 a.m. (2 views)

Large Language Model-Driven Security Assistant for Internet of Things Via Chain-Of-Thought

The rapid development of Internet of Things (IoT) technology has transformed people's way of life and has a profound impact on both production and daily activities. However, with the rapid advancement of IoT technology, the security of IoT devices has become an unavoidable issue in both research an...

AI score 7.2
Exploits 0

Packet Storm News
added 2025/04/24 12:0 a.m. (2 views)

Identity Control Plane: the Unifying Layer for Zero Trust Infrastructure

This paper introduces the Identity Control Plane (ICP), an architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials v...

AI score 6.9
Exploits 0

Cvelist
added 2025/02/18 4:21 a.m. (9 views)

CVE-2024-13677 GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details...

CVSS 8.8, EPSS 0.00048
Exploits 0, References 2

CVE
added 2024/12/18 7:2 a.m. (42 views)

CVE-2024-12287

CVE-2024-12287 affects Biagiotti Membership (WordPress) up to v1.0.2, with an authentication bypass in biagiotti_membership_check_facebook_user that allowed unauthenticated users to log in as other accounts (e.g., administrators) if mail access existed. The issue is rated CVSS 3.1/3.1. Vector: Ne...

CVSS 9.8, AI score 9.6, EPSS 0.00357
Exploits 0, References 2