Lucene search
K

117 matches found

Github Security Blog
Github Security Blog
added 2025/06/11 2:44 p.m.11 views

pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

Impact When the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding such as password, MD5, GSS, or SSPI authentication. This cou...

8.2CVSS7.2AI score0.00461EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2025/06/11 2:32 p.m.44 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS0.00461EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/11 2:32 p.m.8 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS7AI score0.00461EPSS
Exploits0References2
CVE
CVE
added 2025/06/11 2:32 p.m.238 views

CVE-2025-49146

CVE-2025-49146 affects the PostgreSQL JDBC driver (pgjdbc). From 42.7.4 through 42.7.7, when channel binding is set to required, connections could proceed using non-SASL authentication methods (e.g., password, MD5, GSS, SSPI), enabling MITM interception. The issue is fixed in 42.7.7. Affected con...

8.2CVSS7AI score0.00461EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 8:52 a.m.6 views

CVE-2019-8149

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication...

9.8CVSS7.2AI score0.0214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:52 a.m.5 views

CVE-2019-8108

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management...

6.5CVSS6.8AI score0.01168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:24 a.m.5 views

CVE-2019-15653

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real...

7.5CVSS7.4AI score0.00831EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/14 7:54 a.m.27 views

CVE-2025-0020

...

Exploits0
BDU FSTEC
BDU FSTEC
added 2025/04/09 12:0 a.m.5 views

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Remote Desktop Services RDS for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.1CVSS8.3AI score0.01642EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/27 7:23 a.m.16 views

CVE-2025-1717 Login Me Now <= 1.7.2 - Authentication Bypass

The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen' function. This makes it possible for unauthenticated attackers to log in an...

8.1CVSS0.00542EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/27 12:0 a.m.3 views

PT-2025-8922 · WordPress · Login Me Now

Name of the Vulnerable Software and Affected Versions: Login Me Now plugin for WordPress versions up to, and including, 1.7.2 Description: The issue is related to insecure authentication based on an arbitrary transient name in the AutoLogin::listen function, allowing unauthenticated attackers to...

8.1CVSS9.4AI score0.00542EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.4 views

PT-2025-1269 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the Microsoft Digest authentication mechanism in Windows operating systems, which uses insecure methods for handling authentication data in the operating system's...

8.1CVSS9.6AI score0.01165EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.6 views

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Remote Desktop Services RDS for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

8.1CVSS8.2AI score0.01058EPSS
Exploits0References3
CVE
CVE
added 2024/12/10 12:0 a.m.54 views

CVE-2024-45494

The CVE affects MSA FieldServer Gateway versions 5.0.0–6.5.2 (fixed in 7.0.0). A shared administrative user on all devices uses an unsafe, static secret for authentication, enabling potential unauthorized admin access. The issue is described with high impact across confidentiality, integrity, and...

9.8CVSS9.7AI score0.00464EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.3 views

PT-2024-9493 · Microsoft · Windows Remote Desktop Services +1

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services affected versions not specified Description: The issue is related to the use of insecure mechanisms for handling authentication data in the operating system's memory. It allows a remote attacker to execute...

8.1CVSS7.6AI score0.01058EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/11/14 12:0 a.m.20 views

CVE-2024-39707

Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...

7.1AI score0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.5 views

PT-2024-6757 · Microsoft · Windows Remote Desktop Licensing Service +1

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Licensing Service affected versions not specified Description: The issue is related to the use of insecure mechanisms for handling authentication data in the operating system's memory. It allows remote attackers to...

7.5CVSS7.9AI score0.01094EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/10/04 12:13 p.m.32 views

CVE-2024-47652 Insecure Authentication Vulnerability

This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing mobile...

7.6CVSS0.00402EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.12 views

CVE-2024-41290

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component...

8.1CVSS0.00424EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/02 12:0 a.m.3 views

FlatPress 安全漏洞

FlatPress is a Php-based blog builder without database support from the FlatPress community. A security vulnerability exists in FlatPress version v1.3.1, which stems from the use of an insecure method to store authentication data via the cookie component...

8.1CVSS7AI score0.00424EPSS
Exploits0References2
Rows per page
Query Builder