31 matches found
CVE-2026-8993
The D.Launcher 2 component of the Slovak eID client ecosystem contains an Improper URL Handler Processing vulnerability. The application registers multiple custom URL handlers that could be exploited to initiate full NTLM authentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...
RHEL 9 : libsoup (RHSA-2026:2216)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2216 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Signed to Unsigned Conversion Error Leadi...
OESA-2026-1326 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup's HTTP header handling allows multiple Host: headers in a...
EUVD-2014-0991
Malware in sbrugna...
EUVD-2020-7592
Malware in sbrugna...
EUVD-2008-2699
Malware in sbrugna...
EUVD-2025-12290
Malicious code in bioql PyPI...
CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
Microsoft SharePoint 2019 NTLM Authentication Information Disclosure
Microsoft SharePoint Central Administration improperly exposes NTLM-authenticated endpoints to low-privileged or even brute-forced domain accounts. Once authenticated, an attacker can access the api/web endpoint, disclosing rich metadata about the SharePoint site, including user group...
CVE-2025-48746
Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03, lacks Authentication for a Critical Function...
CVE-2023-35885
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...
CVE-2022-42951
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time before the cluster management authentication has started where an attacker can connect to the cluster...
CVE-2024-12111
In a specific scenario an LDAP user can abuse the authentication process using an injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.34.4; 24.34.5...
PT-2023-36417 · Undefined · Undefined
A vulnerability in Microsoft PC Manager, a tool for maintaining, cleaning up and securing Windows operating systems, is related to the possibility of an authentication bypass. Exploitation of the vulnerability may allow a remote attacker to carry out a supply chain attack and...
OESA-2023-1452 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back...
UBUNTU-CVE-2022-2127
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manage...
SUSE CVE-2023-22644
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. An authentication check was missing in SAP Solution Manager. The vulnerabilities in SAP BusinessObjects Business Intelligence Platform were not explained further. SAP has released updates to fix the vulnerabilities. More information can be found on...
Trend Micro Vulnerability Protection LDAP Authentication Bypass Vulnerability
Trend Micro Vulnerability Protection is an endpoint vulnerability protection product that provides one step faster and stronger endpoint protection. An LDAP authentication bypass vulnerability exists in Trend Micro Vulnerability Protection 2.0 SP2, which can be exploited by an attacker to bypass...
CVE-2020-15601
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this...