28 matches found
CVE-2026-22250

creationtimestamp| type| source
---|---|---
2026-01-24 21:25:51+00:00| seen| https://gist.github.com/alon710/993ddabe5583c1b2cc03e837aca7556a
2026-01-24 22:41:16+00:00| seen| https://gist.github.com/alon710/0280aad06e7e981a72160671c388f102...

DEBIAN-CVE-2026-22250
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0...
CVE-2026-22250 wlc can skip SSL verification
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0...
Linux Distros Unpatched Vulnerability : CVE-2026-22250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability ...
CVE-2021-22250
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account...
CVE-2022-22250

creationtimestamp| type| source
---|---|---
2025-05-09 15:25:41+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15749...

CVE-2024-22250
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system...
VMSA-2024-0003: Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)

Advisory ID: | VMSA-2024-0003
---|---
CVSSv3 Range: | 9.6 - 7.8
Issue Date: | 2024-02-20
Updated On: | 2024-02-20
Initial Advisory CVEs: | CVE-2024-22245, CVE-2024-22250
Synopsis: | Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced...

K000139491: VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250
Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting a...
No fix KrbRelay VMware style
TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a...
VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a...
CVE-2024-22250

creationtimestamp| type| source
---|---|---
2024-02-20 19:27:18+00:00| seen| https://t.me/ctinow/188848
2024-02-20 19:32:06+00:00| seen| https://t.me/ctinow/188864
2024-02-21 06:38:32+00:00| seen| https://t.me/thehackernews/4578
2024-02-21 13:41:18+00:00| seen|...

CVE-2024-22250
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system...
CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system...
CVE-2024-22250
CVE-2024-22250 affects the VMware Enhanced Authentication Plug‑in (EAP). The connected sources describe two related issues: (1) CVE-2024-22250 enables a local attacker with unprivileged access to hijack a privileged EAP session during Windows logon, via the EAP flow used in vCenter web console; a...
CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system...
GitLab 13.3 < 13.12.9 / 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22250)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account (CVE-2021-22250) Note that...
CVE-2023-22250
Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this...
CVE-2023-22250
Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this...
CVE-2023-22250
Adobe Commerce Open Source/Commerce (Magento) suffers an Improper Access Control vulnerability (CVE-2023-22250) affecting 2.4.4-p2 and earlier and 2.4.5-p1 and earlier. The issue could allow a security feature bypass and impact availability of a user’s minor feature without user interaction. CVSS...