EUVD-2026-27879

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

Palo Alto Networks PAN-OS 缓冲区错误漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a buffer overflow vulnerability in Palo Alto Networks PAN-OS, which stems from insufficient boundary checks during the processing of certain data packets by the User-ID Authenticati...

Content Spoofing

org.wso2.identity.apps:authentication-portal is vulnerable to Content Spoofing. The vulnerability is due to improper handling and validation of error messages passed through URL parameters, which allows an attacker to inject arbitrary content into the user interface and deceive users through...

EUVD-2025-29270

Malicious code in bioql PyPI...

org.wso2.identity.apps:org.wso2.identity.apps.authentication.portal.server.feature (>=0.1.125 <=2.23.2) potentially affected by CVE-2024-6429 via org.wso2.identity.apps:authentication-portal (>=0.1.125 <=2.4.39)

org.wso2.identity.apps:authentication-portal MAVEN version =0.1.125, =0.1.125, =2.23.2 Source cves: CVE-2024-6429 Source advisory: OSV:GHSA-R6F3-55WJ-G9P3...

CVE-2025-6999

An HTTP Request Smuggling CWE-444 vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting XSS attack.This issue affects Fireware OS: from 12.0 through 12.11.2...

CVE-2025-6999

An HTTP Request Smuggling CWE-444 vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting XSS attack.This issue affects Fireware OS: from 12.0 through 12.11.2...

CVE-2025-6999

CVE-2025-6999 describes an HTTP Request Smuggling (CWE-444) vulnerability in the WatchGuard Fireware OS Authentication portal, affecting Fireware OS versions 12.0–12.11.2. The issue allows a remote attacker to evade request parameter sanitation and perform a reflected self-XSS attack. The vulnera...

CVE-2025-6999 WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability

An HTTP Request Smuggling CWE-444 vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting XSS attack.This issue affects Fireware OS: from 12.0 through 12.11.2...

PT-2025-37771

Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.2 Description: An HTTP Request Smuggling vulnerability exists in the Authentication portal of WatchGuard Fireware OS, allowing a remote attacker to evade request parameter sanitation and...

CVE-2024-57587

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to /api/auth/login...

CVE-2024-57587

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to /api/auth/login...

CVE-2024-57587

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to /api/auth/login...

CVE-2024-57587

The CVE-2024-57587 issue affects EasyVirt DCScope (&lt;= 8.6.0) and EasyVirt CO2Scope (

org.wso2.identity.apps:org.wso2.identity.apps.authentication.portal.server.feature (>=0.1.125 <=1.6.179) potentially affected by CVE-2023-6837 via org.wso2.identity.apps:authentication-portal (>=0.1.125 <=1.6.179)

org.wso2.identity.apps:authentication-portal MAVEN version =0.1.125, =0.1.125, =1.6.179 Source cves: CVE-2023-6837 Source advisory: OSV:GHSA-F6JM-9PR8-9C3W...

Fortinet FortiAuthenticator 授权问题漏洞

Fortinet FortiAuthenticator, a centralized user identity management solution from Fortinet, Inc. is vulnerable to an authentication bypass vulnerability in version 6.4.0 due to improper design or implementation of the authentication module code. issue. An attacker could exploit this vulnerability...