Lucene search

14 matches found

NVD
added 2026/04/01 4:23 p.m., 6 views

CVE-2026-4828

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

8.2 CVSS, 0.00075 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/01 12:0 a.m., 1 views

PT-2026-29536

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

5.9 AI score, 0.00075 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/09/09 10:11 p.m., 6 views

CVE-2025-58447 rAthena has heap-based buffer overflow in login server

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, allowing a remote attacker to overwrite adjacent session fields by sending a crafted CASSOLOGINREQ with an oversized...

9.8 CVSS, 0.00641 EPSS
Exploits: 0, References: 2
CVE
added 2024/05/03 1:56 a.m., 59 views

CVE-2023-32152

CVE-2023-32152 concerns an authentication bypass in the web management interface of the D-Link DIR-2640 router. Multiple connected sources confirm that a specially crafted request to the web portal (listening on TCP port 80) can bypass login, allowing network-adjacent attackers to access the devic...

6.5 CVSS, 6.6 AI score, 0.0098 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2024/01/17 3:15 a.m., 3 views

CVE-2023-25295

A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel...

6.1 CVSS, 5.8 AI score, 0.00118 EPSS
Exploits: 1, References: 1
Zero Day Initiative
added 2023/05/04 12:0 a.m., 24 views

D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. ...

6.5 CVSS, 6.9 AI score, 0.0098 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2022/05/20 3:15 a.m., 0 views

CVE-2022-28987

Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login...

5.3 CVSS, 6.1 AI score, 0.11168 EPSS
Exploits: 1, References: 4
CNNVD
added 2022/02/06 12:0 a.m., 2 views

Apache Traffic Control security vulnerability

Apache Traffic Control is a distributed, scalable content distribution solution from the Apache Foundation. Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6 was vulnerable to a code issue that allowed unprivileged users who could reach traffic operations via HTTPS to send a special POST...

7.5 CVSS, 5.7 AI score, 0.0084 EPSS
Exploits: 0, References: 2
CNNVD
added 2021/07/12 12:0 a.m., 3 views

Fortinet FortiMail security vulnerability

Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. It provides email security and data protection. A security vulnerability exists in FortiMail that stems from a missing release of memory after its effective lifetime in Webmail. The vulnerability can ...

7.5 CVSS, 7.3 AI score, 0.00424 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2020/11/04 4:0 p.m., 1 views

CVE-2020-27121

A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is...

6.5 CVSS, 5.6 AI score, 0.00633 EPSS
Exploits: 0, References: 2
NVD
added 2013/04/11 10:55 a.m., 17 views

CVE-2013-1169

Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID...

9.3 CVSS, 6.5 AI score, 0.00446 EPSS
Exploits: 0, References: 1
Cvelist
added 2013/04/11 10:0 a.m., 17 views

CVE-2013-1169

Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID...

6.5 AI score, 0.00446 EPSS
Exploits: 0, References: 1
NVD
added 2011/11/16 4:55 p.m., 12 views

CVE-2011-4157

Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request...

10 CVSS, 8 AI score, 0.27712 EPSS
Exploits: 0, References: 5
Cvelist
added 2006/11/04 12:0 a.m., 19 views

CVE-2006-4521

The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service invalid memory access...

6.5 AI score, 0.03398 EPSS
Exploits: 0, References: 6