net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

Two-factor Authentication Bypass

github.com/komari-monitor/komari is vulnerable to two-factor authentication bypass. The vulnerability is due to a logic error in the 2FA verification condition, which allows an attacker to bypass the two-factor authentication mechanism...

CVE-2025-30351 Suspended Directus user can continue to use session token to access API

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in...

Cross site scripting

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

Tools for Humanity: Race Condition Enables Bypassing Verification Check

A race condition was discovered in the WorldID platform that could enable bypassing the verification check limits. The issue resided in the enforcement of maximum allowed verifications, which was not properly synchronized across parallel requests to the cloud backend service. The fix implemented...

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Interesting implementation mistake: The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authentica...

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerabil...

GHSA-Q6J2-G8QF-WVF7 Verification check bypass in Gate One

An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list...

CVE-2020-19003

CVE-2020-19003 affects Gate One 1.2.0. The vulnerability allows bypassing the verification check done by the origins list, enabling a connection to Gate One instances used by hosts not on the origins list. Closely related advisories (GHSA, Red Hat, OSV, PYSEC) describe the same issue; no exploit ...

CVE-2021-1376 Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...

CVE-2021-1452

A vulnerability in the ROM Monitor ROMMON of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...

CVE-2021-1398

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due ...

CVE-2021-1398 Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due ...

WordPress Elegant Themes Divi Theme 3.0 <= 4.5.2 Authenticated Arbitrary File Upload Vulnerability

The WordPress theme Divi by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...