Lucene search
K

407 matches found

osv
osv
added 2026/02/10 7:16 p.m.7 views

AZL-77444 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.8CVSS6.2AI score0.00302EPSS
Exploits0References1
osv
osv
added 2026/02/04 8:50 p.m.3 views

CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

8.1CVSS5.4AI score0.00492EPSS
Exploits0References6
cvelist
cvelist
added 2026/02/04 8:50 p.m.25 views

CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

8.1CVSS0.00492EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/27 3:23 p.m.6 views

CVE-2025-41083

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References1
nvd
nvd
added 2026/01/26 10:16 a.m.7 views

CVE-2025-41083

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS0.00434EPSS
Exploits0References1
cvelist
cvelist
added 2026/01/26 9:42 a.m.34 views

CVE-2025-41083 Improper Neutralization in Altitude Communication Server

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS0.00434EPSS
Exploits0References1
euvd
euvd
added 2026/01/26 9:42 a.m.8 views

EUVD-2025-206376

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References1
cve
cve
added 2026/01/26 9:42 a.m.11 views

CVE-2025-41083

CVE-2025-41083 affects Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude. The issue is manipulation of the Host header in HTTP requests, enabling redirection to an arbitrary URL or altering the base URL to lure users into sending login credentials to a mali...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/26 9:42 a.m.3 views

CVE-2025-41083

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/01/26 12:0 a.m.6 views

PT-2026-4739

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/01/15 8:14 p.m.7 views

@pepr/istio (=0.1.0), @pepr/keycloak-authsvc (>=0.3.0 <=0.6.0) potentially affected by CVE-2026-23634 via pepr (>=0.14.2 <=0.9.0)

pepr NPM version =0.14.2, =0.3.0, =0.6.0 Source cves: CVE-2026-23634 Source advisory: OSV:GHSA-W54X-R83C-X79Q...

4.3CVSS5.8AI score0.00227EPSS
Exploits0
redhatcve
redhatcve
added 2026/01/09 10:43 a.m.6 views

CVE-2022-26355

Citrix Federated Authentication Service FAS 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider MSKSP. This issue only...

4.4CVSS7AI score0.0017EPSS
Exploits0References1
snyk
snyk
added 2025/12/02 6:40 a.m.2 views

Session Fixation

Overview Products.PluggableAuthService is a Pluggable Zope authentication / authorization framework Affected versions of this package are vulnerable to Session Fixation. Affected versions of this package are vulnerable to Session Fixation. The session authentication helper fails to clear session...

9.3CVSS7AI score
Exploits0References3
euvd
euvd
added 2025/11/18 9:32 p.m.5 views

EUVD-2025-198066

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

5.8CVSS6.4AI score0.00233EPSS
Exploits0References2
osv
osv
added 2025/11/18 7:15 p.m.2 views

CVE-2025-37159

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

7.3CVSS5.8AI score
Exploits0References1
euvd
euvd
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-178648

Malicious code in gridsome-enceladus-aldebaran-auth0 npm...

6.6AI score
Exploits0
redhatcve
redhatcve
added 2025/10/28 11:54 a.m.4 views

CVE-2025-12266

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

6.5CVSS6.8AI score0.00345EPSS
Exploits0References1
euvd
euvd
added 2025/10/27 12:32 p.m.6 views

EUVD-2025-36162

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

6.5CVSS6.4AI score0.00345EPSS
Exploits0References5
nvd
nvd
added 2025/10/27 11:15 a.m.5 views

CVE-2025-12266

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

6.5CVSS0.00345EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/10/27 11:2 a.m.3 views

CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

6.5CVSS6.4AI score0.00345EPSS
Exploits0References4
Rows per page
Query Builder