20 matches found

NVD
added 2 days ago | 7 views

CVE-2026-53868

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

CVSS 8.7 | EPSS 0.00041
Exploits: 0 | References: 2

Snyk
added 2026/05/28 3:53 a.m. | 8 views

Authentication Bypass by Primary Weakness

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the Client-Initiated Backchannel Authentication (CIBA) flow. An...

CVSS 4.3 | AI score 5.5 | EPSS 0.00052
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990167)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990167 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock When user_dlm_destroy_lock failed, it didn't...

CVSS 5.5 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/23 6:24 p.m. | 4 views

CVE-2025-10937 Oxford Nanopore Technologies MinKNOW Improper Check for Unusual or Exceptional Conditions

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...

CVSS 6.8 | AI score 6.7 | EPSS 0.00041
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 7:3 a.m. | 3 views

CVE-2024-11197

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...

CVSS 4.2 | AI score 6.7 | EPSS 0.00039
Exploits: 0 | References: 1

ICS
added 2025/04/10 8:30 a.m. | 10 views

ABB MV Drives

SUMMARY: Multiple vulnerabilities regarding the CODESYS Runtime System from CODESYS Group have been publicly reported. CODESYS Runtime System v.3.5.15.0 is utilized in the firmware of ABB MV ACS6080 and ACS5000 drives to provide IEC 61131 programming capabilities. These vulnerabilities could lead...

AI score 7.7
Exploits: 0 | References: 16

ICS
added 2025/03/26 12:30 a.m. | 13 views

ABB Low Voltage DC Drives and Power Controllers CODESYS RTS

SUMMARY: CODESYS group published several vulnerabilities regarding the CODESYS Runtime System, which is included in the firmware of ABB LV DC drives and power controllers. It is used to implement a selection of features and to provide IEC 61131-3 programming capabilities. These vulnerabilities...

AI score 7.6
Exploits: 0 | References: 11

Tenable Nessus
added 2025/03/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-49337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock When user_dlm_destroy_lock failed, it didn't clean up the flags it set before exit. For USER_LOCK_IN_TEARDOWN, ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00012
Exploits: 0 | References: 2

SUSE CVE
added 2025/02/27 3:8 a.m. | 3 views

SUSE CVE-2022-49337

In the Linux kernel, the following vulnerability has been resolved: ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock When user_dlm_destroy_lock failed, it didn't clean up the flags it set before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of lock is still in used, next time wh...

CVSS 5.5 | AI score 6.2 | EPSS 0.00012
Exploits: 0 | References: 8

OSV
added 2025/02/26 7:1 a.m. | 2 views

DEBIAN-CVE-2022-49337

In the Linux kernel, the following vulnerability has been resolved: ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock When user_dlm_destroy_lock failed, it didn't clean up the flags it set before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of lock is still in used, next time wh...

CVSS 5.5 | AI score 5.5 | EPSS 0.00012
Exploits: 0 | References: 1

NVD
added 2024/11/21 11:15 a.m. | 12 views

CVE-2024-11197

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...

CVSS 4.2 | EPSS 0.00039
Exploits: 0 | References: 2

Cvelist
added 2024/11/21 2:6 a.m. | 26 views

CVE-2024-11197 Lock User Account <= 1.0.5 - User Lock Bypass

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...

CVSS 4.2 | EPSS 0.00039
Exploits: 0 | References: 2

CVE
added 2024/11/21 2:6 a.m. | 88 views

CVE-2024-11197

CVE-2024-11197 : The WordPress plugin Lock User Account (versions

CVSS 4.2 | AI score 4.3 | EPSS 0.00039
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/21 2:6 a.m. | 12 views

CVE-2024-11197 Lock User Account <= 1.0.5 - User Lock Bypass

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...

CVSS 4.2 | AI score 6.7 | EPSS 0.00039
Exploits: 0 | References: 2

Patchstack
added 2024/11/20 9:12 p.m. | 3 views

WordPress Lock User Account plugin <= 1.0.5 - User Lock Bypass vulnerability

User Lock Bypass vulnerability discovered by Francesco Carlucci in WordPress Plugin Lock User Account versions <= 1.0.5...

CVSS 4.2 | AI score 7 | EPSS 0.00039
Exploits: 0 | References: 1 | Affected Software: 1

Code423n4
added 2023/08/10 12:0 a.m. | 7 views

Delegating older lock to a newer one does not allow to undelegate it

Lines of code Vulnerability details Impact User who accidentally delegates his lock to the newer one, will get his lock stuck. User won't be able to undelegate his lock, because function delegate will always revert. Please notice, that this is the different issue than previously reported:...

AI score 6.8
Exploits: 0

Cvelist
added 2023/01/11 7:42 p.m. | 19 views

CVE-2023-22492 RefreshToken invalidation vulnerability

ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The...

CVSS 5.9 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 3

OSV
added 2023/01/11 6:27 p.m. | 28 views

GHSA-6RRR-78XP-5JP8 Zitadel RefreshToken invalidation vulnerability

Impact: RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtai...

CVSS 5.9 | AI score 5.6 | EPSS 0.0028
Exploits: 0 | References: 7

OSV
added 2021/10/28 10:13 p.m. | 3 views

CLSA-2021-1635459227 Fix CVE(s): CVE-2021-2154, CVE-2021-2342, CVE-2021-2169, CVE-2021-2179, CVE-2021-2226, CVE-2021-2307, CVE-2021-2166, CVE-2021-2146, CVE-2021-2162, CVE-2021-2385, CVE-2021-2390, CVE-2021-2194, CVE-2021-2372, CVE-2021-2171, CVE-2021-2389, CVE-2021-2180

SECURITY UPDATE: Update to 5.7.35 to fix security issues - CVE-2021-2342, CVE-2021-2372, CVE-2021-2385, CVE-2021-2389, CVE-2021-2390, CVE-2021-2146, CVE-2021-2154, CVE-2021-2162, CVE-2021-2166, CVE-2021-2169, CVE-2021-2171, CVE-2021-2179, CVE-2021-2180, CVE-2021-2194, CVE-2021-2226, CVE-2021-2307...

CVSS 7.1 | AI score 7.1 | EPSS 0.03255
Exploits: 0 | References: 1

Prion
added 2020/11/12 10:15 a.m. | 13 views

Information disclosure

Information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting users lock-screen password can be bypassed by performing the standard gatekeeper operations, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...

CVSS 2.1 | AI score 5.7 | EPSS 0.00045
Exploits: 0 | References: 1