WordPress plugin WP IMAP Auth cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
SUSE-SU-2025:0167-1 Security update for pam_u2f
This update for pam_u2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate bsc#1233517...
Authentication Method Confusion
CodeChecker is vulnerable to Authentication Method Confusion. The vulnerability is due to insufficient account security, where the weakly generated root user account cannot be disabled, allowing attackers to exploit it through an external authentication service...
GHSA-FPM5-2WCJ-VFR7 codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Summary Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details Until CodeChecker version 6.24.1 there was an auto-generated super-user account...
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Summary Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details Until CodeChecker version 6.24.1 there was an auto-generated super-user account...
CVE-2024-10082
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Summary The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. Details When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the allowedCredentials property i...
RHEL 5 : curl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - curl: NTLM password overflow via integer overflow CVE-2018-14618 - cURL and libcurl 7.10.6 through 7.34.0...
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...
CMS Security Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! CMS that stems from the MFA management feature failing to properly terminate an existing user session when the user's MFA method has been modified...
Windows Hello fingerprint authentication can be bypassed on popular laptops
Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. Microsoft’s Offensive Research and Security Engineering MORSE asked the researchers to evaluate the security of the top three...
Attackers demand ransoms for stolen LinkedIn accounts
An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being locked out...
Eliminate Advanced Endpoint Analysis scans on Mobile devices/iOS.
We have a pre-epa + ldap as the authentication method. Since we have EPA as pre-authentication when we try to access via the mobile devices such as Android/iPhone or iOS and other devices we won’t be able to access. As we know that EPA scan is not supported on mobile devices or iOS, therefore we...
prodigasistemas curupira SQL injection vulnerability
curupira is a simple authentication and authorization method from Pródiga Sistemas open source. A SQL injection vulnerability exists in prodigasistemas curupira, which stems from unknown functionality in the file app/controllers/curupira/passwords_controller.rb, leading to SQL...
VMware Workspace One Assist Multiple Vulnerabilities (VMSA-2022-0028)
The VMware Workspace One Assist server running on the remote host is affected by multiple vulnerabilities, including the following: - VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able ...
Authentication flaw
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application...
CVE-2022-31686
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application...
VMware Workspace ONE Assist update addresses multiple vulnerabilities.
3a. Authentication Bypass vulnerability CVE-2022-31685 VMware Workspace ONE Assist contains an Authentication Bypass vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. Broken Authentication Method...
CVE-2021-44032
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For...
Exploit for SQL Injection in Phpipam
CVE-2022-23046 The original discovery and manual PoC is from...