1748 matches found

Vulnrichment
added 2025/12/09 5:18 p.m., 5 views

CVE-2025-64471

A use-of-password-hash-instead-of-password-for-authentication (CWE-836) vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attack...

CVSS 4.9, AI score 6.9, EPSS 0.00289
Exploits 0, References 1
CVE
added 2025/12/09 5:18 p.m., 17 views

CVE-2025-64471

Fortinet FortiWeb is affected by CVE-2025-64471 due to using a password hash instead of a password for authentication. Affected versions: FortiWeb 8.0.0–8.0.1, 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.11, 7.0.0–7.0.11. An unauthenticated attacker could authenticate by submitting a password hash in cr...

CVSS 7.5, AI score 6.9, EPSS 0.00289
Exploits 0, References 1, Affected Software 1
CNNVD
added 2025/12/09 12:00 a.m., 3 views

Fortinet FortiWeb Security Vulnerability

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A security vulnerability in Fortinet FortiWe...

CVSS 7.5, AI score 7.1, EPSS 0.00289
Exploits 0, References 2
Positive Technologies
added 2025/12/09 12:00 a.m., 6 views

PT-2025-50130

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 8.0.0 through 8.0.1; Fortinet FortiWeb versions 7.6.0 through 7.6.5; Fortinet FortiWeb versions 7.4.0 through 7.4.10; Fortinet FortiWeb versions 7.2.0 through 7.2.11; Fortinet FortiWeb versions 7.0.0 through 7.0.11...

CVSS 7.5, AI score 6.7, EPSS 0.00289
Exploits 0, References 4
GithubExploit
added 2025/12/07 10:00 p.m., 139 views

time-based-blind-sqli-exploit

Time-Based Blind SQL Injection Exploit Este repositório conté...

AI score 8
Exploits 0
RedhatCVE
added 2025/12/05 10:33 p.m., 6 views

CVE-2025-10285

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...

CVSS 7.4, AI score 6.9, EPSS 0.00153
Exploits 0, References 1
CVE
added 2025/12/04 9:36 p.m., 9 views

CVE-2025-10285

CVE-2025-10285 affects Silicon Labs Simplicity Device Manager. The exposed web interface enables an attacker to extract NTLMv2 hashes, which could be used to crack users’ domain passwords. Affected software is Silicon Labs Simplicity Device Manager; the root cause is publicly accessible web UI ex...

CVSS 7.4, AI score 6.5, EPSS 0.00153
Exploits 0, References 1
CNVD
added 2025/12/03 12:00 a.m., 4 views

Grav Elevation of Privilege Vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an elevation of privilege vulnerability, which stems from a password hash disclosure, and can be exploited by an attacker to cause...

CVSS 7.2, AI score 7.3, EPSS 0.00353
Exploits 1, References 1
RedhatCVE
added 2025/12/02 4:14 p.m., 8 views

CVE-2025-13829

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: APIKEY (1 year, user session); RefreshToken (10 minutes, user session); Password (hashed with bcrypt); User IP; Email; Full Na...

CVSS 8.6, AI score 6.6, EPSS 0.00255
Exploits 0, References 1
EUVD
added 2025/12/01 6:30 p.m., 3 views

EUVD-2025-200016

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: APIKEY (1 year, user session); RefreshToken (10 minutes, user session); Password (hashed with bcrypt); User IP; Email; Full Na...

CVSS 8.6, AI score 6, EPSS 0.00255
Exploits 0, References 2
NVD
added 2025/12/01 4:15 p.m., 9 views

CVE-2025-13829

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: APIKEY (1 year, user session); RefreshToken (10 minutes, user session); Password (hashed with bcrypt); User IP; Email; Full Na...

CVSS 8.6, EPSS 0.00255
Exploits 0, References 1
CVE
added 2025/12/01 3:47 p.m., 9 views

CVE-2025-13829

CVE-2025-13829 affects Data Illusion Zumbrunn NGSurvey and is described as an Incorrect Authorization vulnerability that lets any logged-in user access private data of other users. Publicly reported details across multiple sources (NVD, Red Hat, EUVD, CVE.org, CNNVD, etc.) enumerate sensitive dat...

CVSS 8.6, AI score 6.2, EPSS 0.00255
Exploits 0, References 1
Vulnrichment
added 2025/12/01 3:47 p.m., 3 views

CVE-2025-13829

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: APIKEY (1 year, user session); RefreshToken (10 minutes, user session); Password (hashed with bcrypt); User IP; Email; Full Na...

CVSS 8.6, AI score 6.2, EPSS 0.00255
Exploits 0, References 1
Cvelist
added 2025/12/01 3:47 p.m., 5 views

CVE-2025-13829

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: APIKEY (1 year, user session); RefreshToken (10 minutes, user session); Password (hashed with bcrypt); User IP; Email; Full Na...

CVSS 8.6, EPSS 0.00255
Exploits 0, References 1
CNNVD
added 2025/12/01 12:00 a.m., 7 views

Grav Security Vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an elevation of privilege vulnerability, which stems from a password hash disclosure, and can be exploited by an attacker to cause...

CVSS 7.2, AI score 7.2, EPSS 0.00353
Exploits 1, References 3
OSV
added 2025/11/13 11:06 p.m., 3 views

GHSA-8JPW-GPR4-8CMH Directus's conceal fields are searchable if read permissions enabled

Summary: A vulnerability allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked, successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Details: The system permits sear...

CVSS 6.5, AI score 6.8, EPSS 0.00241
Exploits 0, References 4
RedhatCVE
added 2025/11/13 1:00 a.m., 11 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

CVSS 9.8, AI score 7.4, EPSS 0.00422
Exploits 1, References 1
EUVD
added 2025/11/12 3:31 p.m., 4 views

EUVD-2025-131903

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

AI score 6.9, EPSS 0.00422
Exploits 1, References 3
NVD
added 2025/11/12 3:15 p.m., 4 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

CVSS 9.8, EPSS 0.00422
Exploits 1, References 1
OSV
added 2025/11/12 3:15 p.m., 2 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

CVSS 9.8, AI score 5.8, EPSS 0.00422
Exploits 1, References 1