π¨ CVE-2026-54774
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Fix SAML signature bypass when signing token is non-X509 (COREWCF-202β¦ Β· CoreWCF/CoreWCF@65d0902
β¦6-006)
SamlSerializer.ReadToken validates the signature on a SAML 1.1 assertion
in two branches based on the type of signing token resolved by the
out-of-band token resolver:
* X509SecurityTok...
SamlSerializer.ReadToken validates the signature on a SAML 1.1 assertion
in two branches based on the type of signing token resolved by the
out-of-band token resolver:
* X509SecurityTok...
π¨ CVE-2026-54775
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Fix Kafka tombstone halts consume pump Β· CoreWCF/CoreWCF@1a229d0
A Kafka tombstone (Message.Value == null, a legal log-compaction record)
caused KafkaTransportPump.OnConsumeMessage to throw ArgumentNullException
when constructing ReadOnlySequence<byte&...
caused KafkaTransportPump.OnConsumeMessage to throw ArgumentNullException
when constructing ReadOnlySequence<byte&...
π¨ CVE-2026-54776
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Defer remote security creation in PosixIdentity stream upgrade acceptor Β· CoreWCF/CoreWCF@9944312
UnixPosixIdentitySecurityUpgradeAcceptor was eagerly initializing
_remoteSecurity to an empty SecurityMessageProperty in its constructor.
StreamSecurityUpgradeAcceptor.GetRemoteSecurity is document...
_remoteSecurity to an empty SecurityMessageProperty in its constructor.
StreamSecurityUpgradeAcceptor.GetRemoteSecurity is document...
π¨ CVE-2026-54778
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Use reentrant getpwuid_r/getgrgid_r for POSIX identity resolution Β· CoreWCF/CoreWCF@a3d95ea
Replace the non-reentrant getpwuid/getgrgid imports with their _r
variants that take a caller-supplied buffer. The previous
implementation could return inconsistent results when multiple threads
re...
variants that take a caller-supplied buffer. The previous
implementation could return inconsistent results when multiple threads
re...
π¨ CVE-2026-54779
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Make DefaultTokenReplayCache.TryAdd reject duplicates Β· CoreWCF/CoreWCF@3800c4e
IdentityConfiguration.DetectReplayedTokens has been wired into
SamlTokenValidationParameters since the original port (sets
ValidateTokenReplay = true and supplies a TokenReplayCache to the inner
Mi...
SamlTokenValidationParameters since the original port (sets
ValidateTokenReplay = true and supplies a TokenReplayCache to the inner
Mi...
π¨ CVE-2026-54780
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Enforce algorithm suite policy on Reference DigestMethod values Β· CoreWCF/CoreWCF@5874231
WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignatureAsync already calls EnsureAcceptableSignatureKeySize and EnsureAcceptableSignatureAlgorithm against the configured SecurityAlgorithmSuite, b...
π¨ CVE-2026-54781
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Validate SAML SubjectConfirmation methods and holder-of-key proof keys Β· CoreWCF/CoreWCF@6a99df3
The inner Microsoft.IdentityModel.Tokens.Saml SamlSecurityTokenHandler does not
enforce that the SubjectConfirmationMethod URIs on incoming assertions belong to
the set defined by SAML 1.1, nor doe...
enforce that the SubjectConfirmationMethod URIs on incoming assertions belong to
the set defined by SAML 1.1, nor doe...
π¨ CVE-2026-54782
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Resolve issuer signing key for SAML token validation Β· CoreWCF/CoreWCF@0b8c8af
Provide an IssuerSigningKeyResolver that returns the X509 key used by the inbound SAML 1.1/2.0 assertion, sourced from the resolved SigningToken or the assertion's KeyInfo X509Data, and req...
π¨ CVE-2026-54783
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Bind WS-Security signature lookup and verification target to the Secu⦠· CoreWCF/CoreWCF@0589692
β¦rity header
Refactor signature verification so an attacker can no longer steer the
receiver into validating the wrong ds:Signature, while still allowing
legitimate signatures that cover addressin...
Refactor signature verification so an attacker can no longer steer the
receiver into validating the wrong ds:Signature, while still allowing
legitimate signatures that cover addressin...
π¨ CVE-2026-59723
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOM_SECRET is unset for local 127.0.0.1 binds, isAuthorizedBrowserRequest() allows attacker-controlled websites to send desktopCommand frames that read workspace state, mutate MCP and provider settings, and trigger command execution when a provider or model is configured. This issue is fixed in version 3.0.30.
π@cveNotify
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOM_SECRET is unset for local 127.0.0.1 binds, isAuthorizedBrowserRequest() allows attacker-controlled websites to send desktopCommand frames that read workspace state, mutate MCP and provider settings, and trigger command execution when a provider or model is configured. This issue is fixed in version 3.0.30.
π@cveNotify
GitHub
fix(hub): validate dashboard websocket host and origin (#11724) Β· cline/cline@d092709
* fix(hub): validate browser websocket origins
* test(hub): cover websocket host and origin gates
* fix(hub): allow explicit bind host for dashboard socket
* fix(hub): default protect browser ro...
* test(hub): cover websocket host and origin gates
* fix(hub): allow explicit bind host for dashboard socket
* fix(hub): default protect browser ro...
π¨ CVE-2020-23450
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
π@cveNotify
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
π@cveNotify
Abuyv
Abuyv is under construction
Just another WordPress site
π¨ CVE-2020-24193
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter.
π@cveNotify
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter.
π@cveNotify
Exploit Database
Daily Tracker System 1.0 - Authentication Bypass
Daily Tracker System 1.0 - Authentication Bypass.. webapps exploit for PHP platform
π¨ CVE-2020-24194
A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter.
π@cveNotify
A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter.
π@cveNotify
Cxsecurity
Daily Tracker System - Reflected Cross Site Scripting (XSS) - CXSecurity.com
hyd3sec has realised a new security note Daily Tracker System - Reflected Cross Site Scripting (XSS)
π¨ CVE-2020-21731
Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code.
π@cveNotify
Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code.
π@cveNotify
π¨ CVE-2020-21732
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
π@cveNotify
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
π@cveNotify
GitHub
BugReport/CVE-2020-21732 at master Β· Gr3gPr1est/BugReport
Contribute to Gr3gPr1est/BugReport development by creating an account on GitHub.
π¨ CVE-2020-21733
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
π@cveNotify
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
π@cveNotify
GitHub
BugReport/CVE-2020-21733 at master Β· Gr3gPr1est/BugReport
Contribute to Gr3gPr1est/BugReport development by creating an account on GitHub.
π¨ CVE-2020-23451
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
π@cveNotify
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
π@cveNotify
Abuyv
Abuyv is under construction
Just another WordPress site
π¨ CVE-2020-23446
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API
π@cveNotify
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API
π@cveNotify
π¨ CVE-2020-25487
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.
π@cveNotify
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.
π@cveNotify
GitHub
GitHub - Ko-kn3t/CVE-2020-25487: SQL injection Vulnerability in Zoo Management System
SQL injection Vulnerability in Zoo Management System - Ko-kn3t/CVE-2020-25487
π¨ CVE-2020-25514
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
π@cveNotify
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
π@cveNotify
GitHub
GitHub - Ko-kn3t/CVE-2020-25514: Login Bypass in Simple Library Management System 1.0
Login Bypass in Simple Library Management System 1.0 - Ko-kn3t/CVE-2020-25514
π¨ CVE-2020-25515
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.
π@cveNotify
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.
π@cveNotify
GitHub
GitHub - Ko-kn3t/CVE-2020-25515: Unrestricted File Upload in Simple Library Management System 1.0
Unrestricted File Upload in Simple Library Management System 1.0 - Ko-kn3t/CVE-2020-25515