168 matches found
SUSE CVE-2025-27818
A possible security vulnerability has been identified in Apache Kafka. This requires access to an alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
SUSE CVE-2025-27819
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. However, the Kafka Connect API is not the only component vulnerable to this attack; the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
Apache Kafka Security Vulnerability
Apache Kafka is an open source distributed streaming platform from the Apache Software Foundation. The platform is capable of fetching real-time data for building applications that react in real-time to changes in data streams. A security vulnerability exists in Apache Kafka that stems from a...
CVE-2024-0726
A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file adminlogin.php of the component Admin Login Module. The manipulation of the argument msg with the input...
CVE-2024-48533
A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts...
CVE-2023-0305
A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file adminclass.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely...
CVE-2019-19714
Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
oa_system Cross-Site Scripting Vulnerability
oasystem is an application by individual developer hailey for the day-to-day operation and management of organizations, used by employees and managers. A security vulnerability exists in oasystem versions prior to v2025.01.01, which stems from improperly sanitized input to the parameter userName in...
CVE-2024-56518
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document aka a client configuration file, which can be uploaded at the /cluster-connections URI...
DEBIAN-CVE-2025-24032
PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...
UBUNTU-CVE-2025-24031
PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, pam_get_pwd will never initialize the password...
CVE-2025-24032 PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`)
PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...
CVE-2025-24031
PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, pam_get_pwd will never initialize the password...
Drupal Authenticator Login module < 2.0.6 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Ahmed Raza in WordPress Module Authenticator Login versions 2.0.6...
The vulnerability of the Login module in Drupal CMS systems, related to deficiencies in authentication procedures, allows attackers to bypass existing security restrictions.
The vulnerability of the Login module in Drupal CMS systems is related to deficiencies in authentication procedures. Exploiting this vulnerability allows attackers to bypass existing security restrictions remotely...
Hospital Management System index.php File SQL Injection Vulnerability
Hospital Management System is a hospital management system. Hospital Management System has a SQL injection vulnerability that originates from the manipulation of username/password parameters in the login component of the /admin/index.php file. No details of the vulnerability are available at this ti...
CVE-2024-48533
CVE-2024-48533 affects eSoft Planner 3.24.08271-USA, where the Forgot your Login? module returns different responses for valid vs invalid email addresses, enabling username enumeration. Multiple sources (NVD, Red Hat, CNNVD, CVE lists) confirm the issue and its impact on account discovery. The co...
PT-2024-33133 · Unknown · Esoft Planner
Name of the Vulnerable Software and Affected Versions: eSoft Planner version 3.24.08271-USA. Description: A discrepancy in responses for valid and invalid e-mail accounts in the Forgot your Login? module allows attackers to enumerate valid user e-mail accounts. Recommendations: For eSoft Planner...
PT-2024-19494 · Unknown · Instarispacs
Name of the Vulnerable Software and Affected Versions: InstaRISPACS (affected versions not specified). Description: The issue exists due to insufficient validation of user-supplied input for the loginTo parameter in the user login module of the web interface. A remote attacker could exploit this by...
Student Management System SQL Injection Vulnerability
Student Management System is a simple web-based student management software by Sk. Amir Hamza, an individual developer in Bangladesh. A SQL injection vulnerability exists in itsourcecode Student Management System version 1.0, which originates from the login.php in the component Login that contain...