14 matches found
Weak Password Recovery Mechanism for Forgotten Password
Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password in the userrecovery process. An attacker can gain unauthorized access to any admin account by triggering a password recovery for th...
PT-2026-46852
Summary A low-privilege admin user with user recovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ublkdrv: A NULL pointer dereference issue was fixed in ublkctrlstartrecovery. When two UBLKCMDSTARTUSERRECOVERY commands are submitted, the first one sets ‘ubq-ubqdaemon’ to NULL, and the second one triggers a WARN in...
CVE-2026-33688 AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames a...
EUVD-2024-0829
Malicious code in bioql PyPI...
EUVD-2023-59876
Malicious code in bioql PyPI...
CVE-2023-53207
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDENDUSERRECOVERY,...
UBUNTU-CVE-2023-53207
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDENDUSERRECOVERY,...
CVE-2023-53207 ublk: fail to recover device if queue setup is interrupted
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDENDUSERRECOVERY,...
CVE-2023-53207 ublk: fail to recover device if queue setup is interrupted
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDENDUSERRECOVERY,...
CVE-2022-32969
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
UBUNTU-CVE-2024-46735
In the Linux kernel, the following vulnerability has been resolved: ublkdrv: fix NULL pointer dereference in ublkctrlstartrecovery When two UBLKCMDSTARTUSERRECOVERY commands are submitted, the first one sets 'ubq-ubqdaemon' to NULL, and the second one triggers WARN in ublkqueuereinit and...
Secure mail stops responding for some users
In some customer environments, SecureMail will occasionally lock up or stop responding. In order to recover, the user needs to reboot his device. Examining SecureMail logs, we observe timeout errors...
Moodle Unauthorized Access Vulnerability (CNVD-2020-65138)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a security vulnerability that stems from inappropriate access restrictions in the process when restoring role...