Lucene search
K

86 matches found

Vulnrichment
Vulnrichment
added 2026/01/22 9:2 p.m.10 views

CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

5.3CVSS5.5AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.4 views

CVE-2022-38180

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases...

6.5CVSS7.1AI score0.00609EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2025/10/21 12:0 a.m.12 views

Multi-Factor Authentication in Spring Security 7

In 2013, it was proposed to add multi-factor authentication into Spring Security. That was the year that “selfie” was added to the English dictionary and “What Does the Fox Say?” was a viral YouTube hit. Needless to say, one of the biggest features in Spring Security 7 is a long time coming, and ...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-18822

Malware in sbrugna...

9.1CVSS9.2AI score0.0059EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-2002

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00585EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2984

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0063EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-39798

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00887EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-39799

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00709EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:22 a.m.7 views

CVE-2023-48708

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

6.5CVSS6.7AI score0.0063EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:4 a.m.6 views

CVE-2022-37146

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...

5.3CVSS7.3AI score0.00709EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/22 12:0 a.m.8 views

Timing Attack

Overview org.springframework.security:spring-security-crypto is a spring-security-crypto library for Spring Security. Affected versions of this package are vulnerable to Timing Attack due to an unintentional bypass for DaoAuthenticationProvider constant time controls, which was caused by the fix...

7.4CVSS7.1AI score0.00568EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.5 views

Ratify 授权问题漏洞

Ratify is an artifact approval framework CNCF sandbox from Ratify open source. An authorization issue vulnerability exists in Ratify version 1.2.3 and prior to version 1.3.2 that stems from the Azure Authentication Provider not verifying that the target registry is ACR, which could lead to misuse...

7.2CVSS6.4AI score0.00445EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/27 6:21 p.m.11 views

CVE-2025-23046

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

7.5CVSS7AI score0.0042EPSS
Exploits0References1
OSV
OSV
added 2025/02/25 6:15 p.m.7 views

UBUNTU-CVE-2025-23046

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

7.5CVSS5.8AI score0.0042EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.6 views

The vulnerability of the IPAuthenticationProvider component of the centralized service for managing configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper allows a attacker to bypass the authentication process.

The vulnerability of the IPAuthenticationProvider component of the centralized service for managing configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper is related to the ability to bypass authentication through phising techniques...

9.4CVSS7.2AI score0.00924EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2024/11/07 10:15 a.m.13 views

UBUNTU-CVE-2024-51504

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

9.1CVSS7.1AI score0.00924EPSS
Exploits0References3
NVD
NVD
added 2024/10/16 9:15 a.m.21 views

CVE-2023-22650

A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s...

8.8CVSS0.00585EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 8:20 a.m.4 views

CVE-2023-22650 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s...

8.7CVSS5.8AI score0.00585EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/16 8:20 a.m.33 views

CVE-2023-22650 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s...

8.8CVSS0.00585EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/16 8:20 a.m.11 views

CVE-2023-22650 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s...

8.8CVSS7.2AI score0.00585EPSS
Exploits0References2
Rows per page
Query Builder