11979 matches found
PT-2026-54834
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The application is susceptible to user enumeration via authentication-related features. During password reset and username reminder operations, the system provides different responses depending on whether the...
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to...
CVE-2026-13582 Edimax EW-7478APC POST Request formUSBAccount buffer overflow
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely...
gnutls: gnutls: Authentication Bypass via NUL Character in Username
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
PYSEC-2026-302 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Summary A command injection vulnerability is present in the function tool runsshcommandwithcredentials available to AI agents. Details This is the source code of the function tool runsshcommandwithcredentials code: python @functiontool def runsshcommandwithcredentials host: str, username: str,...
PYSEC-2026-300 Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL
Summary During a manual source code review, ARIMLABS.AI researchers identified that the browseruse module includes an embedded whitelist functionality to restrict URLs that can be visited. This restriction is enforced during agent initialization. However, it was discovered that these measures can...
CVE-2026-13563
A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-13563
Edimax EW-7478APC (firmware 1.04) is affected in the POST Request Handler, specifically the formL2TPSetup function of /goform/formL2TPSetup. Manipulation of the L2TPUserName argument leads to a stack-based buffer overflow, enabling remote exploitation. Public exploit details exist, and the vendor...
gnutls: gnutls: Authentication Bypass via NUL Character in Username
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
Malicious code in rebrandly-domains-digger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...
Important: Red Hat Security Advisory: gnutls and libtasn1 security update
An update for multiple packages is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
CVE-2026-13499
CVE-2026-13499 concerns a cross-site scripting flaw in the yashpokharna2555 restaurent-management-system, affecting the Registration Handler’s login_register.php. Manipulating the Username argument enables an XSS condition, with remote initiation possible. The exploit has been publicly released; ...
CVE-2026-13499 yashpokharna2555 restaurent-management-system Registration login_register.php cross site scripting
A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file loginregister.php of the component Registration Handler. Performing a manipulation of the argument Username results in cross site scripting. The attack may be initiat...
CVE-2026-13499
A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file loginregister.php of the component Registration Handler. Performing a manipulation of the argument Username results in cross site scripting. The attack may be initiat...
EUVD-2026-39997
A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file loginregister.php of the component Registration Handler. Performing a manipulation of the argument Username results in cross site scripting. The attack may be initiat...
CVE-2026-13482
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...
CVE-2026-13482 skypilot-org skypilot User ID server.py username.encode weak hash
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...
EUVD-2026-39982
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...
CVE-2026-13482
CVE-2026-13482 affects skypilot-org/skypilot
PT-2026-53110
Name of the Vulnerable Software and Affected Versions yashpokharna2555 restaurent-management-system affected versions not specified Description A security flaw exists in the Registration Handler component within the login register.php file. A remote attacker can perform cross-site scripting XSS—a...