28 matches found
EUVD-2026-9984
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...
EUVD-2008-2344
Malware in sbrugna...
EUVD-2006-4874
Malware in sbrugna...
EUVD-2020-29906
Malware in sbrugna...
EUVD-2024-41278
Malicious code in bioql PyPI...
EUVD-2022-6454
Malicious code in bioql PyPI...
EUVD-2023-56812
Malicious code in bioql PyPI...
The vulnerability of the web application for the basic configuration of devices under Revolution Pi OS, specifically the Bullseye device, is related to deficiencies in the authentication process. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the web application for the basic configuration of devices under the Revolution Pi OS operating system, Bullseye, is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and...
CVE-2019-9939
The SHAREit application before 4.0.36 for Android allows a remote attacker on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requeste...
Security Update for the OPC UA .NET Standard Stack
This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. Note that the Basic128Rsa15 is disabled by default so most users will not be...
Duplicate Advisory: Authorization Bypass in OPC UA .NET Standard Stack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h958-fxgg-g7w3. This link is maintained to preserve external references. Original Description Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass...
CVE-2024-42513
Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints...
CVE-2024-42512
Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled...
CVE-2024-42512
Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled...
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance ASA that could lead to a denial-of-service DoS condition. The vulnerability, tracked as CVE-2024-20481 CVSS score: 5.8, affects the Remote Access VPN RAVPN service of...
CVE-2024-38289
A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...
CVE-2024-5786 Cross-Site Request Forgery vulnerability in Comtrend router
Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated...
CVE-2023-6451 Publicly Known Cryptographic Machine Key In Procura Portal Application
Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms...
Authentication flaw
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app...
CVE-2022-29865
The CVE-2022-29865 entry concerns the OPC UA .NET Standard Stack. The connected sources confirm a remote authentication bypass vulnerability in this stack where crafted credentials can bypass the application authentication check. The NVD entry lists an affected component (OPC UA .NET Standard Sta...