Lucene search

11 matches found

EUVD
added 2026/01/15 3:52 p.m. | 3 views

EUVD-2026-2781

TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can download arbitrary files by iterating file IDs through the 'id' parameter with 'skipCheck=1' to bypass access controls...

CVSS 9.8 | AI score 6.6 | EPSS 0.00117
Exploits: 0 | References: 6
Github Security Blog
added 2024/11/25 7:35 p.m. | 13 views

Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

Impact: For users with the following configuration: an allow policy that selects a Layer 3 identity and a port range AND a Layer 7 allow policy that selects a specific port within the first policy's range, then Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This...

CVSS 5.8 | AI score 5.5 | EPSS 0.00084
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2024/10/09 5:15 p.m. | 3 views

CVE-2024-46307

A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...

CVSS 7.5 | AI score 5.8 | EPSS 0.0031
Exploits: 1 | References: 3
NVD
added 2024/10/09 5:15 p.m. | 13 views

CVE-2024-46307

A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...

CVSS 7.5 | EPSS 0.0031
Exploits: 1 | References: 3
Cvelist
added 2024/10/09 12:00 a.m. | 12 views

CVE-2024-46307

A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...

EPSS 0.0031
Exploits: 1 | References: 3
Vulnrichment
added 2024/10/09 12:00 a.m. | 12 views

CVE-2024-46307

A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...

AI score 6.8 | EPSS 0.0031
Exploits: 1 | References: 3
OSV
added 2024/08/15 9:46 p.m. | 10 views

GHSA-QCM3-7879-XCWW Gateway API route matching order contradicts specification

Impact: Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched...

CVSS 4 | AI score 4 | EPSS 0.01804
Exploits: 0 | References: 7
Github Security Blog
added 2024/08/15 9:46 p.m. | 35 views

Gateway API route matching order contradicts specification

Impact: Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched...

CVSS 4.3 | AI score 6.3 | EPSS 0.01804
Exploits: 0 | References: 7 | Affected Software: 1
Github Security Blog
added 2024/05/28 6:28 p.m. | 19 views

SimpleSAMLphp exposes credentials in session storage

Background: In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user's session, which can be...

AI score 7.3
Exploits: 0 | References: 4 | Affected Software: 1
Kitploit
added 2022/04/17 12:30 p.m. | 311 views

OWASP Coraza WAF - A Golang Modsecurity Compatible Web Application Firewall Library

Welcome to OWASP Coraza Web Application Firewall. OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity's seclang language and is 100% compatible with OWASP Core Ruleset. Prerequisites: Linux distribution Debian and Centos are recommended, Windows i...

AI score 7.4
Exploits: 0 | References: 9
Exploit DB
added 2006/12/31 12:00 a.m. | 36 views

P-News 1.16/1.17 - 'user.dat' Remote Password Disclosure

P-News user.dat Remote Password Disclosure Vulnerability. S.name: P-News. Affected versions: 1.17 and 1.16. Vendor: www.ppopn.net. Risk: Very Highly Critical. Author: Dr Max Virus. Location: Egypt. POC: http:/target/path/db/user.dat As we see, admin name and hash! You can crack the...

AI score 7.4
Exploits: 0