401 matches found
CVE-2025-41083 Improper Neutralization in Altitude Communication Server
Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...
EUVD-2025-206376
Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...
CVE-2025-41083
CVE-2025-41083 affects Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude. The issue is manipulation of the Host header in HTTP requests, enabling redirection to an arbitrary URL or altering the base URL to lure users into sending login credentials to a mali...
CVE-2025-41083
Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...
PT-2026-4739
Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...
@pepr/istio (=0.1.0), @pepr/keycloak-authsvc (>=0.3.0 <=0.6.0) potentially affected by CVE-2026-23634 via pepr (>=0.14.2 <=0.9.0)
pepr NPM version =0.14.2, =0.3.0, =0.6.0 Source cves: CVE-2026-23634 Source advisory: OSV:GHSA-W54X-R83C-X79Q...
CVE-2022-26355
Citrix Federated Authentication Service FAS 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider MSKSP. This issue only...
Session Fixation
Overview Products.PluggableAuthService is a Pluggable Zope authentication / authorization framework Affected versions of this package are vulnerable to Session Fixation. Affected versions of this package are vulnerable to Session Fixation. The session authentication helper fails to clear session...
EUVD-2025-198066
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
CVE-2025-37159
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
EUVD-2025-178648
Malicious code in gridsome-enceladus-aldebaran-auth0 npm...
CVE-2025-12266
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...
EUVD-2025-36162
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...
CVE-2025-12266
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...
CVE-2025-12266
CVE-2025-12266 affects Zytec Dalian Zhuoyun Technology Central Authentication Service. The vulnerability is in the function _empty of /index.php/auth/widget; manipulation of the parameters get.layer, get.widget, and get.action can trigger remote code injection. The exploit is public and can be us...
CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...
PT-2025-43933
Name of the Vulnerable Software and Affected Versions Zytec Dalian Zhuoyun Technology Central Authentication Service versions prior to 20251010 Description A code injection issue exists in the Central Authentication Service. The issue is located in the empty function of the /index.php/auth/widget...
CVE-2025-62425
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
EUVD-2025-34822
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...