CVE-1999-0391
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user...
EUVD-2018-10291
Malware in sbrugna...
EUVD-2018-17237
Malware in sbrugna...
EUVD-2023-26466
Malicious code in bioql PyPI...
EUVD-2024-22958
Malicious code in bioql PyPI...
EUVD-2023-28479
Malicious code in bioql PyPI...
EUVD-2023-58565
Malicious code in bioql PyPI...
GHSA-6C5R-4WFC-3MCX Hashicorp Vault has Incorrect Validation for Non-CA Certificates
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/cert). In this configuration, an attacker may be able to...
PT-2025-30646 · WordPress · Onlyoffice Docs Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs plugin for WordPress versions 1.1.0 through 2.2.0
Description: The ONLYOFFICE Docs plugin for WordPress is susceptible to a privilege escalation issue due to insufficient authorization checks within the oo.callback REST...
CVE-2025-6942
The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine...
PT-2025-27658 · Unknown · Secret Server
Name of the Vulnerable Software and Affected Versions: Secret Server versions 11.7.49 and earlier
Description: The distributed engine of Secret Server can be exploited during an initial authorization event, allowing an attacker to impersonate another distributed engine.
Recommendations: For Secre...
Incorrect Access Control
Erxes is vulnerable to Incorrect Access Control. The vulnerability is due to authentication bypass due to improper validation of the User HTTP header, allowing attackers to impersonate users and access any GraphQL endpoint...
CVE-2024-11166
For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a...
CVE-2023-41089
The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests...
CVE-2020-9501
Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in...
CVE-2019-5966
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors...
CVE-2017-16673
Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified...
CVE-2018-1999035
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to...
CVE-2025-4143
The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp, did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in:...
CVE-2021-47663 Improper session handling
Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access...