16 matches found
CVE-2026-3144 IBM API Connect Default Credentials
IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update...
EUVD-2026-19703
An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...
CVE-2026-5384
An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...
CVE-2026-5384
An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...
PT-2026-30879
An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...
CVE-2025-14942
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...
CVE-2025-14942 Authentication Bypass
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...
CVE-2024-13996
Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...
EUVD-2024-55047
Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...
CVE-2024-13996
Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...
CVE-2024-13996
Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...
CVE-2024-13996 Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change
Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...
CVE-2024-13996
CVE-2024-13996 affects Nagios XI prior to 2024R1.1.3. The issue is that changing a user password does not invalidate all other active sessions, allowing pre-existing sessions (potentially attacker-controlled) to remain valid and permit continued unauthorized access to user data and actions. Multi...
SUSE-SU-2023:3885-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.8 Important Salt minion update SUSE Manager Pay-as-you-go PAYG Automated RHUI credential update Monitoring: Prometheus upgraded to 2.45.0 Monitoring: Apache exporter updated to version 1.0.0 Expose...
UBUNTU-CVE-2017-9064
In WordPress before 4.7.5, a Cross Site Request Forgery CSRF vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials...
Multiple Vulnerabilities in Apple OS X Keychain/WebSocket/Sandbox ACLs
Apple Mac OS X is an operating system for Apple devices. Multiple vulnerabilities exist in the Apple OS X Keychain/WebSocket/Sandbox ACL. 1 A remote user can create an application that, when installed by the target user, can access the target application's keychain entries, delete the keychain...