63 matches found
SUSE CVE-2026-0999
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
GO-2026-4520 Mattermost fails to properly validate login method restrictions in github.com/mattermost/mattermost-server
Mattermost fails to properly validate login method restrictions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2026-0999
Technical details beyond the summary are not provided in the supplied documents. Monitor for updates from Mattermost advisory MMSA-2025-00548.
Login Time Restriction - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-120
This module enables you to apply time-based login restrictions and display related warning or logout confirmation pages. The module doesn't sufficiently protect its confirmation routes from cross-site request forgery CSRF, allowing the logout confirmation route to be triggered without user...
EUVD-2017-18221
Malware in sbrugna...
EUVD-2013-2153
Malware in sbrugna...
EUVD-2022-51869
Malicious code in bioql PyPI...
EUVD-2023-33788
Malicious code in bioql PyPI...
EUVD-2022-51868
Malicious code in bioql PyPI...
CVE-2023-2282
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector...
CVE-2022-4536
The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the...
CVE-2022-4529
The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can...
Binary Vulnerability in H3C Magic R3000 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technology Co.
Xinhua San Technology Co., Ltd. is a global leader in digital solutions. A binary vulnerability exists in the H3C Magic R3000 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technologies Limited, which can be exploited by attackers to bypass login restrictions...
CVE-2024-48872
Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, and 9.5.x = 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being...
CVE-2022-4534 Limit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism Bypass
The Limit Login Attempts Spam Protection plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can suppl...
PT-2024-32715 · Unknown · Shilpi Client Dashboard
Name of the Vulnerable Software and Affected Versions: Shilpi Client Dashboard affected versions not specified Description: This issue is due to missing restrictions for incorrect login attempts on the API-based login of the Shilpi Client Dashboard. A remote attacker could exploit this by...
CVE-2022-4533
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the...
CVE-2022-4533
CVE-2022-4533 affects the WordPress plugin Limit Login Attempts Plus up to version 1.1.0. The vulnerability stems from insufficient restrictions on where the IP Address is retrieved for request logging and login restrictions, allowing an attacker to spoof the IP via the X-Forwarded-For header and...
CVE-2022-4529
The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can...
PT-2024-11695 · WordPress · Security
Name of the Vulnerable Software and Affected Versions: Security, Antivirus, Firewall – S.A.F plugin for WordPress versions up to, and including, 2.3.5 Description: The issue is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login...