139 matches found
CVE-2025-53859 NGINX ngx_mail_smtp_module vulnerability
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
CVE-2025-52997 File Browser Insecurely Handles Passwords
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...
CVE-2025-0051
Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service...
CVE-2025-0052
Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service...
CVE-2025-0051 FlashArray DOS Vulnerability
Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service...
Pure Storage FlashArray Input Validation Error Vulnerability
Pure Storage FlashArray is an all QLC flash storage array from Pure Storage, Inc. A security vulnerability exists in Pure Storage FlashArray that originates from improper input validation during the authentication process, which could result in a system denial of service...
Exploit for CVE-2025-49113
CVE-2025-49113 - Roundcube Remote Code Execution A proof-of-c...
PT-2025-22895 · Unknown · M3M Printer Server Web
Name of the Vulnerable Software and Affected Versions: M3M Printer Server Web affected versions not specified Description: A user enumeration issue exists in the user authentication process, where differing error messages could allow an attacker to determine if a username is valid, potentially...
CVE-2020-35138
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work aka com.mobileiron. The key is in the...
CVE-2020-27523
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screenkey, displayname, browsername, and operationsystem parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of...
CVE-2019-7228
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...
CVE-2025-42602
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to...
Meon KYC Authorization Issue Vulnerability
Meon KYC is a solution from Meon India. Meon KYC suffers from an authorization issue vulnerability that stems from the mishandling of access and refresh tokens by certain API endpoints during the authentication process, which could lead to unauthorized access to other user accounts...
ABB Cylon FLXeon 9.3.4 (login.js) Node Timing Attack
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
CVE-2022-34820
A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 V2.2.28, SIPLUS NET CP 1242-7 V2 All versions V3.3.46, SIPLUS NET CP 1543-1 All versions V3.0.22, SIPLUS S7-1200 CP 1243-1 All versions V3.3.46, SIPLUS S7-1200 CP 1243-1 RAIL All versions...
CVE-2024-11022
The authentication process to the web server uses a challenge response procedure which includes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable to a replay attack...
ROS-20241203-10
Vulnerability in the IPAuthenticationProvider component of a centralized service for maintaining configuration information, naming, providing distributed synchronization and provisioning of group services Apache ZooKeeper...
pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...