Lucene search
K

125 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-35652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link...

6.1CVSS5.7AI score0.00889EPSS
Exploits0References2
OSV
OSV
added 2025/08/08 6:0 a.m.2 views

BIT-MOODLE-2024-38277 moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...

5.4CVSS5.2AI score0.00243EPSS
Exploits0References4
CVE
CVE
added 2025/07/18 4:23 a.m.22 views

CVE-2025-6813

CVE-2025-6813 affects the WordPress plugin aapanel WP Toolkit (versions 1.0–1.1). The root cause is missing authorization checks in the auto_login() function, enabling authenticated users with Subscriber-level access and above to bypass role checks and gain full admin privileges. The CVE is curre...

8.8CVSS6.5AI score0.00355EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/07/08 11:9 a.m.7 views

WordPress Auto Login After Registration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Auto Login After Registration versions = 1.0.0...

7.1CVSS6.1AI score0.00283EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.5 views

CVE-2024-30262

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...

7.1CVSS7AI score0.00495EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.9 views

CVE-2023-0522

The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS6.7AI score0.00328EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:51 a.m.9 views

CVE-2023-46201

Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a through 1.9.6...

6.1CVSS7.1AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.7 views

CVE-2023-2736

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

8CVSS6.3AI score0.00399EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/22 5:4 p.m.9 views

CVE-2025-48061 wire-webapp Has Insufficient Session Invalidation after User Logout

wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...

5.6CVSS5.6AI score0.00123EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 3:15 a.m.23 views

CVE-2024-7350

The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This...

9.8CVSS0.00656EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/08 12:0 a.m.5 views

PT-2024-38281 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions 1.1.6 through 1.1.7 Description: The issue is related to authentication bypass due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This allo...

9.8CVSS7AI score0.00656EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.5 views

PT-2024-5125 · Sicam Egs +1 · Sicam Egs +4

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.40 SICORE Base system versions prior to V1.4.0 SICAM CP-8031, CP-8050, SICAM EGS affected versions not specified Description: The issue is related to the lack of necessary...

10CVSS7.2AI score0.00454EPSS
Exploits0References5
OSV
OSV
added 2024/06/18 9:30 p.m.19 views

GHSA-R82W-3PHG-QVR4 Moodle uses the same key for QR login and auto-login

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...

6.9CVSS6.7AI score0.00243EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/06/18 9:30 p.m.24 views

Moodle uses the same key for QR login and auto-login

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...

5.4CVSS6.9AI score0.00243EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2024/06/18 8:15 p.m.37 views

CVE-2024-38277

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...

5.4CVSS0.00243EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/06/18 8:15 p.m.18 views

CVE-2024-38277

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...

5.4CVSS6AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2024/06/18 7:49 p.m.70 views

CVE-2024-38277

Moodle vulnerability CVE-2024-38277 concerns the QR login key and the auto-login key: a single key must not be reused between them. Connected docs (BIT-MOODLE-2024-38277) describe this exact issue, but do not provide concrete fix/version details. The impact/mitigation specifics are not fully disc...

5.4CVSS6.6AI score0.00243EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.6 views

PT-2024-27916 · Alt Linux · Alt Linux

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns the generation of unique keys for QR login and auto-login. Currently, the same key can be used interchangeably between the two, which is insecure. A unique key...

8.8CVSS5.5AI score0.83343EPSS
Exploits8References74
Positive Technologies
Positive Technologies
added 2024/05/05 12:0 a.m.4 views

PT-2024-25945 · Syracuse · Avantra Server

Name of the Vulnerable Software and Affected Versions: Avantra Server versions 24.0.0 through 24.0.6 Avantra Server versions 24.1.0 through 24.1.0 Description: The issue concerns the mishandling of dashboard security. If a user can create a dashboard with an auto-login user, data disclosure may...

6.8CVSS7.1AI score0.00385EPSS
Exploits0References6
NVD
NVD
added 2024/04/09 5:16 p.m.33 views

CVE-2024-30262

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...

7.1CVSS5.8AI score0.00495EPSS
Exploits0References2
Rows per page
Query Builder