37 matches found
EUVD-2025-203314
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...
PYSEC-2025-135
A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...
EUVD-2012-5903
Malware in sbrugna...
CVE-2025-46409
Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker...
CVE-2025-6386
The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...
CVE-2025-5446 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkCredentialsByBBS os command injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RPcheckCredentialsByBBS of the file /goform/RPcheckCredentialsByBBS. The manipulation of th...
CVE-2024-42543
TOTOLINK A3700R v9.1.2u.5822B20200513 has a buffer overflow vulnerability in the httphost parameter in the loginauth function...
CVE-2023-38908
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function...
CVE-2022-44260
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function...
CVE-2025-44898
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the webaaaloginAuthlistEdit function...
CVE-2025-1863 Insecure default settings for recorder products
Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related ...
PT-2025-17258 · Yokogawa Electric · Fx1000 +12
Name of the Vulnerable Software and Affected Versions: Yokogawa Electric Corporation GX10 / GX20 / GP10 / GP20 Paperless Recorders versions R5.04.01 or earlier Yokogawa Electric Corporation GM Data Acquisition System versions R5.05.01 or earlier Yokogawa Electric Corporation DX1000 / DX2000 /...
The vulnerability of the auth_asp function in D-link DI-8100 router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the authasp function in D-link DI-8100 router microprogramming systems is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted GET request remotely...
SUSE-SU-2025:20231-1 Security update for pam_u2f
This update for pamu2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAMIGNORE return values in pamsmauthenticatebsc1233517...
The vulnerability of the ogs_dbi_auth_info() function (lib/dbi/subscription.c), which is used for creating and managing the NR/LTE Open5GS mobile network, allows a perpetrator to cause a service failure.
The vulnerability of the ogsdbiauthinfo function lib/dbi/subscription.c, which is used for creating and managing the NR/LTE Open5GS mobile network, is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
CVE-2024-28405
SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMSFuntion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges...
CVE-2023-47463
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...
GL.iNet AX1800 Security Vulnerability
The GL.iNet AX1800 is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet AX1800 that stems from a vulnerability that allows an attacker to execute arbitrary code with the specially crafted GLnassys authentication function...
CVE-2023-47463
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...
PT-2023-30460 · Gl.Inet · Gl-Inet Ax1800
Name of the Vulnerable Software and Affected Versions: GL.iNet AX1800 versions 4.0.0 through 4.4.x Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the gl nas sys authentication function. This enables the attacker to potentially gain unauthorized...