57 matches found
EUVD-2026-33978
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...
Exploit for Path Traversal in Xibosignage Xibo
Xibo CMS CVE-2023-33177 Vulnerability Tester (Python 3.6+)...
EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-1285)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...
iperf3: iperf Heap Buffer Overflow
A flaw was found in iperf3. An off-by-one error in the iperf_auth.c file leads to a heap-based buffer overflow, potentially allowing a network attacker to trigger an application-level denial of service. This overflow occurs during the processing of authentication data. The vulnerability can only b...
libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...
VulnCheck KEV: CVE-2021-25281
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...
UBUNTU-CVE-2026-0719
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...
Apple watchOS Security Vulnerability
Apple watchOS is a set of smartwatch operating systems from Apple USA. A security vulnerability exists in Apple watchOS versions prior to 26.1, which stems from improper management of authentication status and could allow a physical access attacker to view Live Voicemail...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
SUSE-SU-2025:20808-1 Security update for kernel-livepatch-MICRO-6-0_Update_5
This update for kernel-livepatch-MICRO-6-0_Update_5 fixes the following issues: - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048) - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out (bsc#1240744) - CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth erro...
EUVD-2018-2648
Malware in sbrugna...
EUVD-2020-17687
Malware in sbrugna...
Joomla! CMS Security Vulnerability
Joomla! CMS is an open source content management system from Joomla! A security vulnerability exists in Joomla! CMS that stems from improper handling of authentication requests, which could lead to user enumeration attacks...
CVE-2019-1320
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340...
CVE-2025-3659
CVE-2025-3659 affects Digi PortServer TS (up to 82000747_AA, build 06/17/2022), Digi One SP/SP IA/IA (up to 82000774_Z, build 10/19/2020), and Digi One IAP (up to 82000770_Z, build 10/19/2020). Root cause: improper authentication handling in a set of HTTP POST requests to the device web interface...
PYSEC-2025-16
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
PT-2025-15123 · Lnbits +1
Name of the Vulnerable Software and Affected Versions: LNbits (affected versions not specified). Description: A Server-Side Request Forgery (SSRF) issue has been found in LNbits' LNURL authentication handling functionality. This occurs because the application does not properly validate the callback UR...
LNbits Code Issue Vulnerability
LNbits is a Python server open-sourced by LNbits. A code issue vulnerability exists in LNbits that stems from a server-side request forgery in the LNURL authentication handling function that could lead to access to internal resources...
SUSE-FU-2025:0661-1 Feature update for slurm and pdsh
This update for slurm and pdsh fixes the following issues: slurm was updated to version 24.11.1 using package slurm2411: - Security issues fixed: CVE-2024-48936: Fixed authentication handling in stepmgr that could permit an attacker to execute processes under other users' jobs (bsc#1236722)...