391 matches found
CVE-2023-37057
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism...
CVE-2023-36347
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data...
CVE-2023-20154
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated...
CVE-2022-48300
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2022-48299
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2021-21986
The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...
IBM Maximo Asset Management Server-Side Request Forgery Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
IBM WebSphere Application Server Server-Side Request Forgery Vulnerability
IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A server-side request forgery vulnerability exists in IB...
CVE-2021-47664
Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames...
Exploit for CVE-2025-2825
It is an exploit module/toolkit targeting CrushedFTP. The tool,...
BIT-JOOMLA-2022-23795 [20220303] - Core - User row are not bound to a authentication mechanism
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover...
SAP CRM and SAP S/4HANA server-side request forgery vulnerability (CNVD-2025-07595)
SAP CRM and SAP S/4HANA are both products of SAP, a customer relationship management system, and SAP S/4HANA, an enterprise resource management software based on the SAP HANA in-memory database system. SAP CRM and SAP S/4HANA suffer from a server-side request forgery vulnerability, which stems fr...
Dell SmartFabric OS10 Server-Side Request Forgery Vulnerability
Dell SmartFabric OS10 is a Linux-based network switch operating system from Dell Dell. Dell SmartFabric OS10 suffers from a server-side request forgery vulnerability, which stems from the server not implementing an adequate authentication mechanism to confirm the origin of the request, and can be...
IBM Aspera Shares Server-Side Request Forgery Vulnerability
IBM Aspera Shares is a Web application from International Business Machines IBM. IBM Aspera Shares suffers from a server-side request forgery vulnerability that stems from the server not implementing an adequate authentication mechanism to confirm the origin of a request, which could be exploited...
The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to gain privileged access to the infrastructure.
The vulnerability of the Core component in Oracle VM VirtualBox is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker to gain privileged access to the infrastructure...
[SECURITY] [DLA 4047-1] sssd security update
Debian LTS Advisory DLA-4047-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 09, 2025 https://wiki.debian.org/LTS Package : sssd Version : 2.4.1-2+deb11u1 CVE ID : CVE-2021-3621 CVE-2023-3758 Debian Bug : 992710 1070369 Vulnerabilities were found in sssd...
CVE-2024-3263
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...
CVE-2024-8901
The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...
Advisory ROSA-SA-2025-2584
software: xrdp 0.10.1 OS: ROSA-CHROME packageevrstring: xrdp-0.10.1-2 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts governed ...
CVE-2024-13026
A vulnerability exists in Algo Edge up to 2.1.1 - a previously used legacy component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft...