17 matches found

OSV
added 2026/03/13 8:44 p.m., 0 views

GHSA-Q926-C743-49QJ Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning

Summary: Centrifugo supports a configuration flag insecureskiptokensignatureverify that completely disables JWT signature verification. When enabled, Centrifugo accepts any JWT token regardless of signature validity — including tokens signed with wrong keys, random signatures, or no signature at...

5.9 AI score
Exploits 0, References 5
RedhatCVE
added 2026/02/18 1:41 a.m., 2 views

CVE-2026-2439

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

9.8 CVSS, 5.6 AI score, 0.0007 EPSS
Exploits 0, References 1
Cvelist
added 2026/02/16 9:25 p.m., 25 views

CVE-2026-2439 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

0.0007 EPSS
Exploits 0, References 5
Cvelist
added 2025/12/23 9:24 p.m., 20 views

CVE-2025-14412 Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability

Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8 CVSS, 0.00048 EPSS
Exploits 0, References 1
CVE
added 2025/12/23 9:21 p.m., 7 views

CVE-2025-14403

PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution (CVE-2025-14403) affects PDFsam Enhanced. The vulnerability exists in the Launch action, permitting arbitrary code execution via dangerous scripts executed without proper user warnings; exploitation requires the target to visit ...

7.8 CVSS, 7.8 AI score, 0.00052 EPSS
Exploits 0, References 1, Affected Software 1
Debian CVE
added 2025/12/23 9:21 p.m., 2 views

CVE-2025-14402

PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a...

7 CVSS, 7.5 AI score, 0.00052 EPSS
Exploits 0
Tenable Nessus
added 2025/08/24 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-7436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious server...

9.3 CVSS, 8 AI score, 0.00445 EPSS
Exploits 0, References 2
SUSE CVE
added 2025/06/24 11:24 p.m., 2 views

SUSE CVE-2025-6426

The executable file warning did not warn users before opening files with the terminal extension. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12...

8.2 CVSS, 5.7 AI score, 0.00138 EPSS
Exploits 0, References 10
ATTACKERKB
added 2025/06/24 12:28 p.m., 0 views

CVE-2025-6426

The executable file warning did not warn users before opening files with the terminal extension. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12...

8.8 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits 0, References 6
Debian CVE
added 2023/10/24 12:47 p.m., 21 views

CVE-2023-5727

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 119,...

6.5 CVSS, 8 AI score, 0.00212 EPSS
Exploits 0
OSV
added 2023/08/01 4:15 p.m., 1 views

CVE-2023-4054

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and...

5.5 CVSS, 7.4 AI score
Exploits 0, References 6
RedHat Linux
added 2023/07/13 8:50 a.m., 2 views

Mozilla: Lack of warning when opening Diagcab files

The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code...

7.8 CVSS, 7.2 AI score, 0.00048 EPSS
Exploits 0, References 5
RedHat Linux
added 2023/07/13 8:43 a.m., 2 views

Mozilla: Lack of warning when opening Diagcab files

The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code...

7.8 CVSS, 7.2 AI score, 0.00048 EPSS
Exploits 0, References 5
Vulnrichment
added 2023/03/24 12:0 a.m., 4 views

CVE-2023-21068

In TBD of TBD, there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. Use...

7.8 AI score, 0.00014 EPSS
Exploits 0, References 1
OSV
added 2021/11/03 12:0 a.m., 0 views

UBUNTU-CVE-2021-38506

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

4.3 CVSS, 6.7 AI score, 0.00865 EPSS
Exploits 0, References 7
CNVD
added 2020/08/07 12:0 a.m., 0 views

Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2020-61588)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge based on Chromium, which stems from the program failing to prompt a warning message to the user when downloading a DLL file. The...

6.5 AI score
Exploits 0, References 1
securityvulns
added 2014/01/29 12:0 a.m., 35 views

elinks SSL vulnerability

User is not warned on certificate problems...

1.8 AI score
Exploits 0, References 1, Affected Software 1