Lucene search
+L

90 matches found

EUVD
EUVD
added 4 days ago8 views

EUVD-2025-210470

A null pointer dereference vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters Channel, Account Login, TargetNavigator, etc.. The function lacks proper validation of the delegate pointer before dereferencing. ...

7.5CVSS6AI score0.00343EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-58847

Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.0 Description A null pointer dereference occurs in the ReadRevisionAttribute function, which is utilized across several clusters including Channel, Account Login, and TargetNavigator. The issue...

7.5CVSS6.1AI score0.00343EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/27 5:31 a.m.26 views

EUVD-2026-32094

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/06 5:40 p.m.5 views

EUVD-2026-10054

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP...

9.3CVSS5.8AI score0.00333EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.17 views

Fortinet FortiWeb SSO authentication bypass (FG-IR-26-060)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyzer ma...

9.8CVSS5.9AI score0.85844EPSS
Exploits0References3
CVE
CVE
added 2026/01/27 7:18 p.m.670 views

CVE-2026-24858

CVE-2026-24858 is a high-severity authentication bypass affecting Fortinet FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and FortiWeb (various 7.x versions) via FortiCloud SSO. The issue allows an attacker with a FortiCloud account and a registered device to log into other devices registered ...

9.8CVSS7AI score0.85844EPSS
In wildExploits0References4Affected Software6
Cvelist
Cvelist
added 2025/12/10 4:50 p.m.35 views

CVE-2025-67639

A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...

0.0016EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.10 views

PT-2025-50357

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.540 and earlier Jenkins LTS versions 2.528.2 and earlier Description A cross-site request forgery CSRF issue exists in Jenkins that could allow an attacker to trick users into logging in to the attacker’s account. A CSRF...

3.5CVSS6.6AI score0.0016EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-9786

Malware in sbrugna...

6.5CVSS6.6AI score0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-4683

Malware in sbrugna...

5CVSS6.4AI score0.01184EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2005-2510

Malware in sbrugna...

2.1CVSS6.4AI score0.0039EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2020-30714

Malware in sbrugna...

4.3CVSS6AI score0.00719EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-6262

Malware in sbrugna...

3.3CVSS4.2AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2026

Malicious code in bioql PyPI...

5.3CVSS4.6AI score0.00771EPSS
Exploits0References8
NVD
NVD
added 2025/08/19 9:15 p.m.6 views

CVE-2025-55031

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed...

9.8CVSS0.00386EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:30 a.m.10 views

CVE-2024-21517

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...

6.1CVSS5.9AI score0.00391EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:56 p.m.7 views

CVE-2020-9935

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account...

4.3CVSS5.9AI score0.00719EPSS
Exploits0References1
Snyk
Snyk
added 2025/02/28 2:43 p.m.4 views

Cross-site Scripting (XSS)

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Scripting XSS through the modification of the parameter name in /account/login. An attacker can modify the HTML content of the victim's browser by sending a malicious URL. Details...

5.1CVSS5.3AI score0.00237EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/28 1:42 p.m.5 views

CVE-2025-1747 HTML injection vulnerability in OpenCart

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/login...

4.7CVSS5AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2025/02/28 1:42 p.m.77 views

CVE-2025-1747

CVE-2025-1747 describes HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. The issue allows an attacker to modify the HTML of a victim’s browser by sending a malicious URL and altering the parameter name in /account/login. Affected software: OpenCart (opencart/opencart package in...

4.7CVSS5.1AI score0.00237EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder